JP2009123039A - Transaction authentication method - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To solve problems that since all processings such as determination processing for determining which authentication is applied to a transaction condition and authentication processing are executed on the system side (center side) in a conventional method, much load is applied to the center side and a user may be kept waiting during traffic between a center and a terminal, and since the use of authentication data for processing other than authentication processing itself is not examined at all, efficiency of processing is not improved. <P>SOLUTION: Which authentication is applied is performed by a settlement terminal and the processing of the settlement terminal is changed according to this result. Namely, when a fixed condition is satisfied, information (either biological information or a password) necessary for authentication and settlement information (including a transaction amount) to be used for settlement (or transaction) processing in a settlement server are transmitted to an authentication server for authenticating a user, and when the condition is not satisfied, a settlement request including the settlement information is transmitted to the settlement server. <P>COPYRIGHT: (C)2009,JPO&INPIT

Description

  The present invention relates to a technique for realizing a transaction using biometric authentication. Among these, it is related with the technique which changes an authentication level especially according to transaction. In the specification of the present application, a transaction that does not involve so-called settlement is also included. For example, the present invention relates to provision of a predetermined service such as an access request to a database and determination of whether access to the database is possible.

  Currently, as a technique for performing authentication, a biometric authentication technique using biometric information such as veins is widespread. Further, in transactions including financial transactions, it is generally allowed to allow transactions when the authentication result of the user is “acceptable”. For example, an ATM “automatic cash transaction apparatus” is configured to enable transactions when a four-digit password matches. In this case, in order to achieve both the convenience of the user and the accuracy of authentication, it has been proposed to change the authentication method according to the transaction content such as the transaction amount.

  For example, in Patent Document 1, the transaction side prepares separate authentication forms with different security levels, and changes the authentication form in accordance with transaction conditions (withdrawal of 1 million yen or more). It is disclosed that normal authentication is essential and additional authentication is performed when the transaction condition satisfies a predetermined requirement.

  Patent Document 2 discloses that simple authentication processing is executed when the transaction amount is less than the limit amount of the corresponding payment method.

JP 2002-304522 A, paragraph 0044 JP-A-7-262455, claim 2

  However, in Patent Document 1 and Patent Document 2, since the determination of which authentication is used for the transaction condition and all of the authentication processing are executed on the system side (center side), a load is applied to the center side. There is a problem that the user is kept waiting for traffic between the center and the terminal. Furthermore, no consideration has been given to the use of authentication data for processes other than the authentication process itself, and thus the efficiency of the process has not been achieved.

  Therefore, in the present invention, which authentication is performed is performed at the settlement terminal, and processing of the settlement terminal is changed according to the result. That is, when a certain condition is satisfied, the authentication server that authenticates the user (information such as biometric information or password) and the payment information used for the payment (or transaction) processing in the payment server ( (Including transaction amount), and when the above conditions are not satisfied, a settlement request including settlement information is transmitted to the settlement server.

  Further, the present invention includes transmitting a settlement request including settlement information from the authentication server to the settlement server when the authentication server authenticates using information necessary for the authentication. In this case, a user authentication number for identifying the user may be included in the settlement request. In this case, the personal authentication number is stored in advance in the storage device in association with the authentication information, and the personal authentication information associated with the authentication information specified as a result of authentication is used. In the settlement server, the user is specified by specifying the card number or the like using the personal authentication information.

  Further, the present invention includes a configuration in which the authentication server stores the received payment information in the storage device, and when the transaction request is transmitted to the payment server, the payment information stored in the storage device is deleted.

  In the above configuration, the payment server may be configured to determine whether or not the payment processing is appropriate based on the presence or absence of an authentication number when a payment request is received from the authentication server. In this case, when a payment request is received from the payment terminal, the payment request may be unconditionally executed.

  Further, a storage medium including an IC card may be used for the transaction, and information related to the user included in the storage medium may be included in the payment information in the transaction request transmitted from the payment terminal to the payment server. In this case, the payment server may use the information about the user to determine whether the payment is appropriate. Similarly, information about the user may be included in the information transmitted to the authentication server.

  More specifically, the present invention includes the following configurations.

A transaction system for performing a transaction requested by a user, wherein a settlement terminal that accepts the content of the transaction requested by the user, an authentication server for authenticating the user, and an information process for the transaction In a transaction authentication method using a transaction system in which payment servers to be connected to each other,
The payment terminal is
Remember the condition information that shows the conditions in the transaction,
Request the transaction from the user, accept a transaction request including the content of the transaction,
Compare the contents of the transaction request with the conditions to determine whether the contents satisfy the conditions;
If the condition is satisfied, authentication information used for authentication of the user is received from the user, and the authentication information is transmitted to the authentication server.
The authentication server is
Using the transmitted authentication information, execute authentication for the user,
The payment server is
A transaction authentication method, comprising: executing transaction processing corresponding to a transaction request of a user authenticated by the authentication server or a transaction request transmitted from the payment terminal.

In this transaction authentication method,
When it is determined that the payment terminal satisfies the condition, the payment terminal transmits the authentication information and the transaction request to the authentication server,
When the authentication server is authenticated as a result of the authentication process, the authentication server transmits the received transaction request to the settlement server,
It is also included in the present invention that the settlement server uses the transaction request transmitted from the authentication server as the transaction request of the user authenticated by the authentication server.

In the above transaction authentication method,
The authentication server transmits the result of the authentication to the payment terminal;
When the result of the authentication is to authenticate the user, the payment terminal transmits the transaction request to the payment server,
It is also included in the present invention that the settlement server uses a transaction request transmitted based on the result of the authentication as a transaction request for a user authenticated by the authentication server.

In the above transaction authentication method,
The authentication server stores in advance a personal authentication number for identifying the user in association with the authentication information of the user,
When the authentication server is authenticated, the authentication server transmits the transaction request and the user authentication number of the user to the settlement server,
For the transaction request from the authentication server, the settlement server also identifies the user using the personal authentication number and executes the transaction process.

Furthermore, in this transaction authentication method,
The authentication server is
Store the contents of the transaction included in the received transaction request in the storage device,
When the transaction request is transmitted to the settlement server, the present invention includes erasing the contents of the transaction stored in the storage device. Thereby, even when the operator who operates the authentication server from the business operator who uses the payment terminal is entrusted with outsourcing, it is not necessary to spread the transaction information to third parties regarding the payment.

In these transaction authentication methods,
The payment terminal accepts an input of the user's biometric information as the authentication information when the condition is satisfied.

  Moreover, in this transaction authentication method, using the said user's vein information as said biometric information is also contained in this invention.

  In this system, the operators of the payment terminal, the authentication server, and the payment server may be configured differently. In particular, the operator of the authentication server may be operated by entrusting outsourcing operations such as authentication from a plurality of operators (operators of the settlement terminal).

  In addition, as the above condition, the use of whether the transaction amount is a certain amount or more is also included in the present invention.

  Further, the present invention uses user identification information (or information identifying a card or an account related to the card) stored in a storage medium such as an IC card used by the user for the transaction. Thus, it includes narrowing down biometric information to be compared with the input biometric information, and performing authentication using the biometric information with an authentication server by performing comparison processing with the narrowed down biometric information. In this case, it may be configured such that whether the above-described condition is met (a transaction of a certain amount or more) is determined by a device other than the payment terminal (authentication server or payment server). Further, in this transaction authentication method, when the condition is satisfied, information read from the storage medium such as user identification information is used to narrow down the template of biometric information, and when the condition is not satisfied, the transaction is performed. (For example, information for specifying a user or a lecture).

As one aspect thereof, the following processing is included.
A transaction system for performing a transaction requested by a user, wherein a settlement terminal that accepts the content of the transaction requested by the user, an authentication server for authenticating the user, and an information process for the transaction In a transaction authentication method using a transaction system in which payment servers to be connected to each other,
The payment terminal is
Remember the condition information that shows the conditions in the transaction,
Requesting the transaction from the user, receiving an input of a transaction request including the content of the transaction, reading the user identification information from a storage medium storing user identification information for identifying the user,
Compare the contents of the transaction request with the conditions to determine whether the contents satisfy the conditions;
If the condition is satisfied, the user identification information and the biological information are transmitted to the authentication server,
The authentication server is
User identification information for identifying a user is stored in advance in a storage device in association with the biological information of the user,
The transmitted user identification information is searched from the storage device, biometric information corresponding to the searched user identification information is specified,
By comparing the identified biometric information with the transmitted identification information, the user is authenticated,
The payment server is
Transaction processing is executed for a user transaction request authenticated by the authentication server or a transaction request transmitted from the settlement terminal.

In this transaction authentication method,
When the payment terminal determines that the condition is not satisfied, the payment terminal transmits the user identification information read from the storage medium and the transaction request to the payment server,
It is also included in the present invention that the settlement server executes transaction processing corresponding to the transaction request using the user identification information transmitted to the settlement server.

  Note that the present invention also includes authentication other than transactions. For example, when determining whether or not to access a database, it is determined whether there is an access request to a predetermined database (or data) or another database (or data), and this result In response to this, the above-described processing is executed. In this way, the present invention includes any processing as long as the above-described processing is executed according to the level of content requested by the user (whether the condition is satisfied).

  ADVANTAGE OF THE INVENTION According to this invention, the more suitable authentication technique in transaction can be provided.

  Hereinafter, embodiments of the present invention will be described with reference to the drawings. In the following description, as an example of a transaction, a description will be made with payment, but the present invention includes other modes. For example, cash withdrawal at ATM is included in this embodiment. In addition, the operator of the personal authentication server 220 described below may be realized in a form (ASP conversion) that receives an authentication entrustment from the operator of the settlement server 210. In this case, the operator of the personal authentication server 220 may be entrusted by the operators of the plurality of settlement servers 210.

  FIG. 1 is a flowchart showing a processing procedure of basic operation of the transaction authentication method of the first embodiment.

  FIG. 2 is a diagram illustrating a functional configuration. In FIG. 2, 200 is a payment terminal, 201 is an input / output function, 202 is a card reader, 203 is a control function, 204 is a finger vein information reading function, 205 is a storage function, 206 is a communication function, 207 is a data bus, and 210 is Settlement server, 211 control function, 212 storage function, 213 communication function, 214 data bus, 220 authentication server, 221 control function, 222 function function, 223 communication function, 224 data bus, 230 Is a communication network.

  As shown in FIG. 2, in the transaction authentication method in the present embodiment, the payment terminal 200 has seven functions, the payment server 210 has four functions, and the personal authentication server 220 has four functions. These functions are operated by the hardware of the site (device) and the program that controls the hardware. In addition, what is called CPU and a communication interface are typical as hardware of each site.

  The first function of the payment terminal 200 is a user interface of the payment terminal, which is an input / output device such as a mouse and a keyboard. The sales amount as the sales information, the number of sales, etc. This is an input / output function 201 that numerically and visually displays the result of authentication of the person and the state of the payment terminal.

  A second function of the payment terminal 200 is a card reader, which is a card reader 202 that reads card information such as a magnetic card and an IC card. However, in the present invention, any reader can be used as long as it can read numerical information from a medium storing information. The card reader does not limit the present invention.

  A third function of the payment terminal 200 is a control function 203 that executes a program or device that operates in the payment terminal 200. The control function 203 also controls the execution of the payment means 2031.

  A fourth function of the payment terminal 200 is a finger vein reading function 204 that reads finger vein information as biological information of the human body. The finger vein reading function 204 converts biometric information into electronic information and converts it into information that can be handled by other functions. However, in the present invention, the biometric information is not limited to the finger vein, and if the biometric information is used, the effect of the present invention can be obtained even if biometric information other than the finger vein such as the palm and the fingerprint is used. it can.

  A fifth function of the payment terminal 200 is a storage function 205 that stores information handled by the payment terminal 200. In other words, the payment terminal 200 has a storage device (medium) that stores the above information.

  A sixth function of the payment terminal 200 is a communication function 206 that transmits / receives information to / from the payment server 210 and the personal authentication server 220 via the communication network 230.

  The seventh function of the payment terminal 200 is that the input / output function 201, the card reader 202, the control function 203, the finger vein information reading function 204, the storage function 205, and the communication function 206 operate in cooperation. This is a data bus 207 that enables the delivery of data.

  The first function of the settlement server 210 is a control function 211 that controls execution of programs and devices that operate in the settlement server 210. The control function 211 also controls the execution of the settlement function 2111.

  A second function of the settlement server 210 is a storage function 212 that stores information handled by the settlement server 210. In other words, the payment server 211 has a storage device (medium) that stores the above information.

  A third function of the payment server 210 is a communication function 212 that transmits and receives information between the payment terminal 200 and the personal authentication server 220 via the communication network 230.

  The fourth function of the settlement server 210 is a data bus 214 that enables data to be transferred between the functions because the control function 211, the storage function 212, and the communication function 213 operate in cooperation.

  The first function of the personal authentication server 220 is a control function 221 that controls the execution of programs and devices that operate in the personal authentication server. The control function 221 also controls execution of the finger vein authentication function 2211. The finger vein authentication function 2211 performs authentication by comparing finger vein information with pre-registered finger vein feature value information.

  The second function of the personal authentication server 220 is a storage function 222 that stores information handled by the personal authentication server. In other words, the personal authentication server 220 has a storage device (medium) that stores the above information.

  A third function of the personal authentication server 220 is a communication function 223 that transmits and receives information between the payment terminal 200 and the payment server 210 via the communication network 230.

The fourth function of the personal authentication server 220 is a data bus 224 that enables data to be transferred between the functions because the control function 221, the storage function 222, and the communication function 223 operate in cooperation.
Before describing the details and operations of each function of the transaction authentication method of the present embodiment, information on the information processing capability transaction method handled in the present embodiment will be described.

  FIG. 3 is a diagram illustrating an example of a record configuration of sales information and data corresponding to each record of the present embodiment. In FIG. 3, 3 is sales information, 31 is a card number record that is a number that can be used for settlement such as a credit card, 32 is a sales amount record that is a price at which a product is sold, and 33 is a finger vein that stores finger vein information. Information record. The sales information 3 shown in FIG. 3 is stored in the storage functions 205 and 222.

  FIG. 4 is a diagram illustrating an example of a record configuration of threshold information according to the present embodiment and data corresponding to each record. In FIG. 4, 4 is threshold information, 41 is a threshold number record that is a number for identifying a plurality of threshold information, and 42 is a threshold information record that stores thresholds. The threshold information 4 shown in FIG. 4 is stored in the storage function 205.

  FIG. 5 is a diagram showing an example of the record configuration of the settlement number information and data corresponding to each record of the present embodiment. In FIG. 5, 5 is settlement number information, 51 is a settlement number record for storing a number for specifying account information, a settlement user, etc. necessary for settlement, 52 is an expiration date of the settlement number 51 The expiration date record 53 stores the available amount record for storing the available amount for storing the usage limit amount of the settlement number 51. The settlement number information 5 shown in FIG. 5 is stored in the storage function 212.

  FIG. 6 is a diagram illustrating an example of the record configuration of the personal authentication information information according to the present embodiment and data corresponding to each record. In FIG. 6, 6 is personal authentication information, and 62 is a finger vein template information record for storing a finger vein template for authenticating the user by comparing with finger vein information read from the finger vein device at the time of finger vein authentication. Reference numeral 61 denotes ID number information for storing a search key for searching the finger vein template information 62. 63 is a settlement number record for storing a settlement number necessary for settlement. The personal authentication information 6 shown in FIG. 6 is stored in the storage function 222.

  Hereinafter, a schematic procedure of the processing of the present embodiment will be described with reference to FIG. As described above, in the present embodiment, a transaction involving payment is targeted. Hereinafter, a transaction (sales / purchase) by credit settlement will be described as an example.

  As shown in FIG. 1, Step 12, Step 13, Step 15, and Step 16 are executed in the payment terminal 200. In payment server 210, step 14 is executed. In the personal authentication server 220, Step 17, Step 18, and Step 19 are executed. Hereinafter, the contents of each step will be described.

  Step 11: The payment terminal 200 accepts a payment amount such as a result of selling a product or service using the input / output function 201. For example, as a payment terminal 200, a so-called POS terminal installed in a store accepts a payment amount (purchase amount) by operation of a store clerk (reading with a barcode reader or manual input with a keyboard). In this embodiment, it is assumed that a settlement amount of 25,000 yen is accepted. The payment amount is stored in the sales amount record 32 (FIG. 3) in the storage function (device) 205 of the payment terminal 200. Further, the payment terminal 200 reads the card number from a magnetic card or the like as a credit card from the card reader 202 by the operation of the store clerk, and transfers it to the card information record 31 in the storage function (device) 205 of the payment terminal 200 (FIG. 3). Store.

  Step 12: The payment terminal 200 uses the payment determination function 2031 to compare the payment amount 31 stored in the sales amount record 32 with the threshold 42 stored in the threshold record 42 of the threshold information 4. If the settlement amount is smaller than the threshold, step 13 is executed after this step is executed. Otherwise, step 15 is executed after execution of this step. In this example, the settlement amount 31 = 25,000 yen as shown in FIG. 3 and the threshold 42 = 20,000 yen as shown in FIG.

  Step 13: Send payment information from the payment terminal 200 to the payment server. Specifically, the card number stored in the card number record 31 of the sales information 3 and the payment amount stored in the sales amount record 32 are read out, and the communication function 206 is sent to the payment server 210 via the communication network 230. Send. You may display the message which shows having settled only with card information to the input-output function 201 at the time of the transmission of the said information. An example of the message is shown as a message 801 in FIG. In this embodiment, the expiration date information of the card number may also be transmitted. Note that the present embodiment does not prevent the use of information other than card information in the following settlement processing.

  Step 14: The payment server 210 receives payment information from the payment terminal 200. Specifically, the card number and the payment amount that are the payment information transmitted from the payment server 200 from the communication network 230 are received using the communication function 213. Then, the settlement server 210 uses the control function 211 to search the settlement number record 51 stored in the settlement number information 5 in the storage function 212 using the received card number as a key, and the received settlement amount And the available amount record 53 are compared, the settlement function 2111 determines whether settlement is possible. If settlement is possible, settlement processing is executed. As the settlement processing, the following settlement execution method may be performed, or information processing for enabling the settlement execution method may be performed. Various methods can be used for the settlement, and it may be withdrawn from the account about one month later from the cardholder himself, like a credit card, or immediately with a debit card. Further, it may be possible to add a determination as to whether payment is possible using information stored in the expiration date record 52.

  Step 15: If it is determined in step 12 that the payment amount has exceeded the threshold, the payment terminal 200 reads the finger vein information. Specifically, a message prompting the user to present the finger to the finger vein reading function 204 is displayed on the input / output function 201, and finger vein information is received from the finger vein reading function 204. The received finger vein information is stored in the finger vein information 33 of the sales information 3 in the storage function 205. An example of a message prompting the user to present the finger to the finger vein reading function 204 is shown in FIG. Also, the finger vein reading function 204 can be realized by what is called a finger vein authentication device (unit), and may be realized as one element constituting the payment terminal 200, or may be a device separate from the payment terminal 200. You may comprise as.

Step 16: The personal identification information such as the card number, finger vein information, and sales price is transmitted from the payment terminal 200 to the personal authentication server 220. The payment terminal 200 transmits the above-described personal authentication information using the communication function 206, but the personal authentication information may not include information other than the above-described card number, finger vein information, and sales amount.
The details from step 16 to step 19 will be described later with reference to FIG.

  Step 17: The personal authentication server 230 receives the personal authentication information transmitted from the payment terminal 200 using the communication function 223.

  Step 18: Using the card number (ID number) received in Step 17 by the personal authentication server 230, the contents are shown in FIG. 6, and finger vein authentication is performed for the personal authentication information record stored in the storage function 222. To search for a settlement number. The settlement number is a number different from the card number. Details will be described later when FIG. 7 is described later. Here, the card number = ID number is processed, but a card ID different from the card number is selected using a correspondence table (information 1100) as shown in FIG. A configuration may be adopted in which the received information is converted into a card number (or ID number) based on a correspondence table as shown in FIG.

  Step 19: The payment number and the payment amount are transmitted from the personal authentication server 200 to the payment server 210 (when the authentication in Step 18 is affirmative). The settlement server 210 executes a settlement process using the received information. This settlement process is the same as the settlement process in step 14 described above. However, a message indicating that payment was made with the payment information may be displayed on the input / output function 201 when the information is transmitted. An example of the message is shown as a message 1001 in FIG.

  Next, using the flowchart of FIG. 7, the authentication information is transmitted from the payment terminal 200 to the user authentication server 220, and the user authentication server receives the user authentication information and executes the process of user authentication, and sets the payment number information. Details of the processing procedure (step 16 to step 19) to be transmitted to the settlement server 210 will be described.

  Step 701: The payment terminal 200 reads the information stored in the card number record 31, the sales amount record 32, and the finger vein information record 33 of the sales information 3 stored in the storage function 205. For example, “123456789” is read as card number information, “2,5000 yen” is read as sales amount information, and image information is read as finger vein information.

  Step 702: The payment terminal 200 uses the communication function 206 to transmit the card number information, sales amount information, and finger vein information read in Step 701 to the personal authentication server 220 via the communication network 230.

  Step 703: The personal authentication server 220 receives the card number information, sales amount information, and finger vein information transmitted in step 702 through the communication network 230 by the communication function 223. The received card number information, sales amount information, and finger vein information are stored in the sales information 3 of the storage function 222. For example, “123456789” is written as card number information, “2,5000 yen” is written as sales amount information, and image information is written as finger vein information. An example written in this way is shown in FIG.

  Step 704: The personal authentication server 220 reads the card information from the sales information 3 of the storage function 222 using the control function 221 and searches the ID number record of the personal authentication information 6 of the storage function 222 using the card information as a key. If they match, the finger vein template information associated with the ID information is read from the finger vein template record 62 and the settlement number record 63. In the example of FIG. 6, the card information “123456789” matches the ID information “123456789”, and the finger vein template information associated therewith is read. The ID information may be searched based on whether it satisfies a predetermined relationship even if it does not match (for example, whether it matches if at least one of them is converted according to a predetermined rule). Further, the ID number 61 of the personal authentication information 6 shown in FIG. 6 may be stored as a card number. Further, if no match is found as a result of these, this processing is terminated (the same processing as in the case where the processing is terminated in step 706 described later may be performed). If the card number is not searched, the card number is on a so-called black list, and this card number is stored in a database (not shown) for this purpose in the personal authentication server 220, and the card number is stored in this database. Includes the case where it was searched. Further, if the search is not made in this way, the sales information received and stored in step 703 may be deleted.

  Step 705: The personal authentication server 220 uses the control function 221 (finger vein authentication function 2211) and performs finger vein authentication by comparing the finger vein template information read in step 704 with the finger vein information stored in step 703. . It should be noted that this authentication (comparison) method is not particularly limited as long as the finger vein template information and the finger vein information do not coincide at all and have a predetermined relationship and can authenticate the same person.

  Step 706: If the finger vein template information and the finger vein information match in step 705 (determined as the same person), step 707 is executed. In other cases, the present process is terminated. However, a message indicating that the personal authentication has failed may be transmitted from the personal authentication server 220 to the payment terminal 200 via the communication network 230, and a message indicating that payment cannot be performed may be displayed to the input / output function 201 of the payment terminal 220. Further, if the search is not made in this way, the sales information received and stored in step 703 may be deleted.

  Step 707: The personal authentication server 220 reads the sales amount information stored in the sales amount record 32 of the sales information 3 stored in the storage function 222 using the control function 221 (finger vein authentication function 2211). In the example of FIG. 3, “2,5000 yen” is read as sales amount information. The payment information stored in the payment number record 63 of the personal authentication information 6 stored in the storage function 222 is read using the card number information used in step 704 as a key. In the example of FIG. 6, since the card number is “123456789”, “987654321” is read as the settlement number information.

  Step 708: The personal authentication server 220 uses the control function 221 (finger vein authentication function 2211), the sales amount information and the settlement number information read in step 707 via the communication function 224, and the communication network 230, Send to payment server 210. In the example of FIGS. 3 and 6, “2,5000 yen” is transmitted as sales amount information and “987654321” is transmitted as settlement number information.

  Next, another aspect touched in step 18 will be described with reference to FIG. In the above example, a configuration using a card number of a card such as a credit card has been adopted. Here, an example using ID information which is other information will be described. The ID information is not directly used for settlement like the card number, but uses information randomly given to the card or the user. For example, a card or IC tag that does not have a credit card function and holds ID information (for example, only this) may be used, or a so-called one-time password generation function is provided, and a password generated for each use with this function May be used as ID information. Among these, when an IC tag, a card, or the like is used, a chip ID unique to a chip mounted on the IC tag or card may be used as the ID information. The contents of this processing will be described below.

  Until step 17 (step 703), there is no significant change in processing by changing the card information to ID information. However, readers other than the card reader 202 may be changed according to the medium to be used. When a one-time password is used, ID information (one-time) generated and displayed by a portable device called a token is displayed. A password or a store clerk may be input via the input / output function 201 (such as a keyboard).

  Here, the personal authentication server 220 is supposed to receive the ID information in step 703. Next, the personal authentication server 220 uses the control function 221 (finger vein authentication function 2211) and uses the received ID information as a key and the correspondence table information 1100 (FIG. 11) stored in the storage function 222 (storage device). Search for. That is, the card number 1102 associated with the received ID information is searched. Here, it is good also as a structure which searches an ID number instead of a card number. Then, using the retrieved card number (or ID number), the finger vein template information in step 704 is retrieved. If the corresponding card number (ID number) is not searched, the sales information received and stored in step 703 may be deleted.

  In addition, in the transmission in step 708, the card number searched in step 70 may be transmitted.

  Further, the present embodiment includes the following modes. In the settlement server 210, blacklist check processing is performed. In the above example, the blacklist check process is performed by the personal authentication server 210 in step 703, but in step 19 (708), the payment server 210 receives information including card information. Then, a search process is performed to determine whether or not the card number included therein is included in the black list information. If included, the payment server 220 transmits information indicating that the payment is not possible to the payment terminal 200. By executing the processing in this way, it becomes possible to obtain a more suitable system in the case of so-called ASP conversion.

  The above is the description of the processing of this embodiment. In this embodiment, the card information is information uniquely distributed to the card holder, and the finger vein template information of the card holder is stored in the personal authentication server so as to correspond to the card information. Thereby, in this Embodiment, it becomes possible to search one finger vein template information using card information, and it becomes possible to raise an authentication system. Since the card information entered for settlement searches for the finger vein template, there is no need to re-enter the finger vein template information even if it is determined that the card settlement cannot be used due to the high use. In the present embodiment, the card information may be a credit card, a debit card, electronic money, or any device that can electronically transmit numerical information to the payment terminal 200.

It is a flowchart which shows the basic operation | movement by 1st embodiment of this invention. It is a figure of a function structure. It is a figure of the structure of a sales information record, and the example of data which belongs to the record. It is a figure of the structure of a threshold-value information record, and the example of data which belongs to the record. It is a figure of the structure of a payment number information record, and the data example which belongs to the record. It is a figure of the structure of a personal authentication information record, and the data example which belongs to the record. It is the flowchart which showed the detailed procedure of step 16-step 19 in this embodiment. It is an example of a screen displayed at Step 13 in this embodiment. It is an example of a screen displayed at Step 15 in this embodiment. It is an example of a screen displayed at Step 19 in this embodiment. It is a figure which shows the correspondence table in this embodiment.

Explanation of symbols

DESCRIPTION OF SYMBOLS 200 ... Payment terminal, 201 ... Input / output function, 202 ... Card reader, 203 ... Control function, 2031 ... Payment means judgment function, 204 ... Finger vein information reading function, 205 ... Memory function, 206 ... Communication function, 207 ... Data bus , 210 ... payment server, 211 ... control function, 2111 ... payment function, 212 ... storage function, 213 ... communication function, 220 ... personal authentication server, 221 ... control function, 2211 ... finger vein authentication function, 222 ... storage function, 223 ... Communication function, 224 ... Data bus, 230 ... Communication network

Claims (9)

A transaction system for performing a transaction requested by a user, wherein a settlement terminal that accepts the content of the transaction requested by the user, an authentication server for authenticating the user, and an information process for the transaction In a transaction authentication method using a transaction system in which payment servers to be connected to each other,
The payment terminal is
Remember the condition information that shows the conditions in the transaction,
Request the transaction from the user, accept a transaction request including the content of the transaction,
Compare the contents of the transaction request with the conditions to determine whether the contents satisfy the conditions;
If the condition is satisfied, authentication information used for authentication of the user is received from the user, and the authentication information is transmitted to the authentication server.
The authentication server is
Using the transmitted authentication information, execute authentication for the user,
The payment server is
A transaction authentication method, comprising: executing transaction processing corresponding to a transaction request of a user authenticated by the authentication server or a transaction request transmitted from the payment terminal. In the transaction authentication method according to claim 1,
When it is determined that the payment terminal satisfies the condition, the payment terminal transmits the authentication information and the transaction request to the authentication server,
When the authentication server is authenticated as a result of the authentication process, the authentication server transmits the received transaction request to the settlement server,
The transaction authentication method, wherein the settlement server uses a transaction request transmitted from the authentication server as a transaction request of a user authenticated by the authentication server. In the transaction authentication method according to claim 1,
The authentication server transmits the result of the authentication to the payment terminal;
When the result of the authentication is to authenticate the user, the payment terminal transmits the transaction request to the payment server,
The transaction authentication method, wherein the settlement server uses a transaction request transmitted based on a result of the authentication as a transaction request of a user authenticated by the authentication server. In the transaction authentication method according to claim 2,
The authentication server stores in advance a personal authentication number for identifying the user in association with the authentication information of the user,
When the authentication server is authenticated, the authentication server transmits the transaction request and the user authentication number of the user to the settlement server,
For the transaction request from the authentication server, the settlement server identifies the user using the authentication number and executes the transaction process. In the transaction authentication method according to claim 4,
The authentication server is
Store the contents of the transaction included in the received transaction request in the storage device,
A transaction authentication method, wherein when the transaction request is transmitted to the settlement server, the content of the transaction stored in the storage device is deleted. In the transaction authentication method according to any one of claims 1 to 5,
When the said payment terminal satisfy | fills the said conditions, the transaction authentication method characterized by receiving the input of the said user's biometric information as said authentication information. The transaction authentication method according to claim 6,
A transaction authentication method using vein information of the user as the biometric information. A transaction system for performing a transaction requested by a user, wherein a settlement terminal that accepts the content of the transaction requested by the user, an authentication server for authenticating the user, and an information process for the transaction In a transaction authentication method using a transaction system in which payment servers to be connected to each other,
The payment terminal is
Remember the condition information that shows the conditions in the transaction,
Requesting the transaction from the user, receiving an input of a transaction request including the content of the transaction, reading the user identification information from a storage medium storing user identification information for identifying the user,
Compare the contents of the transaction request with the conditions to determine whether the contents satisfy the conditions;
If the condition is satisfied, the user identification information and the biological information are transmitted to the authentication server,
If the condition is not satisfied, the transaction request is transmitted to the settlement server,
The authentication server is
User identification information for identifying a user is stored in advance in a storage device in association with the biological information of the user,
The transmitted user identification information is searched from the storage device, biometric information corresponding to the searched user identification information is specified,
By comparing the identified biometric information with the transmitted identification information, the user is authenticated,
The payment server is
A transaction authentication method for executing a transaction process for a transaction request of a user authenticated by the authentication server or a transaction request transmitted from the payment terminal. The transaction authentication method according to claim 8,
When the payment terminal determines that the condition is not satisfied, the payment terminal transmits the user identification information read from the storage medium and the transaction request to the payment server,
The payment server performs transaction processing corresponding to the transaction request using the user identification information transmitted to the payment server.

Images