JP2011053931A - Settlement system - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a settlement system for easily managing personal data for settlement, which is required for settlement, and excellent also in security. <P>SOLUTION: A portable terminal 10 obtains credit ID and an encrypted key from a credit company server 2, records the credit ID into a non-disclosed area, generates a partially non-disclosed code C in which inherent ID and validity determination reference data are recoded in a disclosed area, and displays the generated code C. A read device 30 picks up an image of the partially non-disclosed code C, and determines the validity of the partially non-disclosed code C based on the validity determination reference data obtained by decoding the disclosed area. Then, when the partially non-disclosed code C is valid, the portable terminal 10 transmits the partially non-disclosed code C and settlement data to the credit company server 2. The credit company server 2 reads out the encrypted key corresponding to the inherent ID recorded in the disclosed area, decodes the non-disclosed area, and performs settlement processing based on the obtained credit ID and the received settlement data. <P>COPYRIGHT: (C)2011,JPO&INPIT

Description

  The present invention relates to a payment system.

  In a credit system that is widely implemented at present, a magnetic card in which a credit number or the like is recorded in a magnetic stripe portion is generally used, and payment processing is performed by causing a payment terminal or the like to read such a magnetic card. ing. Since such a credit card (magnetic card) is easy to store in a wallet or the like, there are many users who possess a plurality of credit cards and use them properly according to the situation.

Japanese Patent No. 3207192

  In a credit system using a magnetic card as described above, for example, when it is desired to use a plurality of types of credit numbers, it is necessary to always have a plurality of credit cards and take them out of a wallet or the like as necessary. Therefore, there is a problem that management is troublesome and easy to lose. Also, when using a magnetic card, there is a risk of unauthorized reading, which is problematic in terms of security.

  As a method for solving such a problem, credit data such as a credit number (settlement personal data) is stored in advance in a mobile terminal, and the credit data to be used is read out by the mobile terminal at the time of settlement. A method of displaying as a dimension code or the like is conceivable. In this case, if a two-dimensional code reader is provided on the settlement terminal side, the necessary credit data can be smoothly provided to the settlement terminal, and the credit data can be centrally managed together with the portable terminal. Can increase the sex.

  However, in the above system (that is, a system in which credit data is managed by a portable terminal and the credit data is provided as a two-dimensional code if necessary), a security problem still remains. For example, if a two-dimensional code used at the time of payment is acquired by a third party by some method (for example, imaging, copying, etc.), if no measures are taken, the credit data is illegally transmitted to the third party. There is a risk of being used.

  The present invention has been made to solve the above-described problems, and an object of the present invention is to provide a payment system that is easy to manage payment personal data necessary for payment and is excellent in security.

The invention of claim 1 is a code generation unit capable of generating a partially private code having a public area and a private area in which encrypted data encrypted based on an encryption key is recorded, and the code generation A display unit that displays the partially private code generated by the unit, a server-side storage unit that stores each unique ID of each portable terminal in association with each credit ID, A credit company server comprising: a server-side transmitter that transmits data of the credit ID corresponding to the unique ID of the mobile terminal to the mobile terminal; and the one displayed on the display unit of the mobile terminal A payment system including a reading device that reads a private code.
The portable terminal includes a terminal-side receiving unit that receives data of the credit ID transmitted from the server-side transmitting unit of the credit company server to the portable terminal, and the credit received by the terminal-side receiving unit. A terminal-side storage unit that stores ID data, and the code generation unit records the credit ID in the non-public area, and determines the validity and the unique ID of the mobile terminal in the public area. In the configuration for recording the reference data, the partial private code is generated, and the display unit displays the partial private code generated by the code generation unit.
Furthermore, the reading device captures at least a part of the imaging unit that images the partially private code displayed on the display unit of the mobile terminal, and the imaging unit captures the partially private code. A decrypting unit for decrypting the data in the public area, and determining whether or not the partially private code is valid based on the validity judgment reference data obtained by decrypting the public area by the decrypting unit A determination unit; a code data transmission unit configured to transmit data of the partial private code to the credit company server when the partial private code is determined to be valid by the determination unit; and the credit company A payment data transmission unit that transmits payment data including at least money amount data to the server.
And the said credit company server receives the data of the said partial private code transmitted by the said code data transmission part of the said reading apparatus, and the said server side reception which receives the said payment data transmitted by the said payment data transmission part A unique ID acquisition unit that decodes the public area based on the data of the partially private code received by the server-side receiving unit and acquires the unique ID recorded in the public area; Based on the encryption key reading unit that reads the encryption key corresponding to the unique ID acquired by the unique ID acquisition unit from the server-side storage unit, and the encryption key read by the encryption key reading unit , Decrypting the private area of the partially private code received by the server-side receiving unit, and reading the credit ID A payment processing unit that performs payment processing based on the credit ID read by the credit ID reading unit and the payment data received by the server-side receiving unit. ing.

According to a second aspect of the present invention, there is provided a code generation unit capable of generating a partially private code having a public area and a private area in which encrypted data encrypted based on an encryption key is recorded, and the code generation A display unit that displays the partially private code generated by the unit, a server-side storage unit that stores each unique ID of each portable terminal in association with each credit ID, A credit company server comprising: a server-side transmitter that transmits data of the credit ID corresponding to the unique ID of the mobile terminal to the mobile terminal; and the one displayed on the display unit of the mobile terminal A payment system including a reading device that reads a private code.
The portable terminal includes a terminal-side receiving unit that receives data of the credit ID transmitted from the server-side transmitting unit of the credit company server to the portable terminal, and the credit received by the terminal-side receiving unit. A terminal-side storage unit that stores ID data, and the code generation unit records the credit ID in the non-public area, and determines the validity and the unique ID of the mobile terminal in the public area. In the configuration for recording the reference data, the partial private code is generated, and the display unit displays the partial private code generated by the code generation unit.
In addition, the reading device captures at least a part of the imaging unit that images the partially private code displayed on the display unit of the mobile terminal, and the imaging unit captures the partially private code. A decrypting unit for decrypting the data in the public area, and determining whether or not the partially private code is valid based on the validity judgment reference data obtained by decrypting the public area by the decrypting unit The encryption unit corresponding to the unique ID obtained by decrypting the public area to the credit company server when the determination unit determines that the partially private code is valid by the determination unit An encryption key requesting unit for requesting a key, and a settlement data transmitting unit for transmitting settlement data including at least money amount data to the credit company server. .
The credit company server includes: an encryption key reading unit that reads out the encryption key corresponding to the unique ID requested by the encryption key requesting unit from the server-side storage unit; and the encryption key reading unit An encryption key transmitting unit that transmits the encryption key read by the requesting reading device, and a settlement processing unit that performs a settlement process based on the settlement data transmitted by the settlement data transmitting unit. It is equipped with.
Further, the reading device includes an encryption key acquisition unit that acquires the encryption key transmitted by the encryption key transmission unit, and when the encryption key is acquired by the encryption key acquisition unit The decryption unit decrypts the private area based on the acquired encryption key, and the decryption unit decrypts the private area, the payment data transmission unit The credit ID recorded in the non-public area is transmitted to the company server.
And the said payment process part of the said credit company server is comprised so that the said payment process about the said payment data may be performed based on the said credit ID transmitted by the said payment data transmission part.

According to a third aspect of the present invention, in the payment system according to the first or second aspect, the portable terminal further generates valid period data based on the generation time of the partial private code. And the code generation unit generates the partially private code with a configuration in which the validity period data is recorded in the public area as the validity determination reference data.
Further, whether or not the partial private code is valid based on the validity period data obtained by decoding the public area by the decoding unit and the current time, by the determination unit of the reading device. Is configured to determine.

The invention according to claim 4 is the payment system according to claim 1 or 2, wherein the credit company server is assigned in association with the unique ID of the mobile terminal that is the transmission destination of the credit ID. While having the authentication data memory | storage part which memorize | stores data, the said server side transmission part has comprised the said authentication data allocated to the said portable terminal with respect to the said portable terminal.
The portable terminal receives the authentication data transmitted from the server-side transmitter to the portable terminal by the terminal-side receiver, and is received by the terminal-side receiver by the code generator. The partially private code is generated in such a configuration that authentication data is recorded in the public area as the validity judgment reference data.
Further, the reading device accesses the credit company server after the decryption unit decrypts the public area and transmits at least one of the unique ID and the authentication data obtained by decrypting the public area. The credit company server includes authentication means for authenticating the transmission content from the decrypted content transmission section in response to access from the reading device, and the determination unit of the reading device is based on the authentication means. Based on the authentication result, it is determined whether or not the partially private code is valid.

According to a fifth aspect of the present invention, in the payment system according to the first or second aspect, the credit company server further includes a server-side data generation unit that generates authentication data according to a predetermined data generation method defined in advance. ing.
The portable terminal includes a terminal-side data generation unit that generates authentication data in a data generation method corresponding to the predetermined data generation method of the credit company server, and the code generation unit includes the terminal-side data generation unit. The authentication data generated in (1) is recorded in the public area as the validity judgment reference data, and the partial private code is generated.
Then, the determination unit of the reader accesses the credit company server, and the authentication data generated in the server-side data generation unit and the authentication data in the public area decrypted by the decryption unit Based on the comparison result of the comparison, it is configured to determine whether or not the partially private code is valid.

  The invention according to claim 6 is the payment system according to any one of claims 1 to 5, wherein the server side transmission unit of the credit company server has the uniqueness of the portable terminal to the portable terminal. The encryption key corresponding to the ID is transmitted, and the code generation unit of the mobile terminal encrypts the credit ID based on the encryption key transmitted from the credit company server. The encryption data is recorded in the private area.

The invention according to claim 7 is the payment system according to any one of claims 1 to 5, wherein the server-side transmission unit of the credit company server has the uniqueness of the portable terminal to the portable terminal. An encrypted image in which encrypted data obtained by encrypting the credit ID corresponding to the ID is expressed by a plurality of cells representing a part of the partially private code is transmitted.
The code generation unit of the mobile terminal incorporates the encrypted image transmitted from the credit company server as an image of the private area, and the unique ID and the validity of the mobile terminal are included in the public area. The partial secret code is generated in a configuration for recording the judgment reference data.

In the credit company server, each unique ID of each portable terminal is stored in association with each credit ID, and the credit ID corresponding to the unique ID of the portable terminal is stored in the portable terminal. Sending data. On the other hand, the mobile terminal receives the credit ID data transmitted from the credit company server to the mobile terminal and stores it in the terminal-side storage unit. In this way, the credit IDs assigned to the holders of the respective mobile terminals can be centrally managed by the respective mobile terminals, and the credit ID data can be used smoothly when necessary at each mobile terminal.
Further, the mobile terminal records a credit ID in a private area, and in the public area, records a unique ID of the mobile terminal and validity judgment reference data, and generates a code that can partially generate a private code And the generated partially private code is displayed on the display unit. In this way, the credit ID stored in the mobile terminal can be used with a code configuration that is difficult to leak information, which is advantageous in terms of security.
On the other hand, when a partially private code is imaged by the imaging unit, the reading device decrypts at least the data in the public area, and based on the validity judgment reference data obtained by the decryption, the partially private code It is determined whether or not is effective. When it is determined that the partially private code is valid, the data of the partially private code is transmitted to the credit company server. In this way, the validity of the partially private code can be determined on the reader side before the settlement process, and the partially private code is not used in an illegal manner. In particular, since this determination can be made without decrypting the private area, the credit ID is not leaked between the portable terminal and the reading device, which is further advantageous in terms of security. .
Furthermore, the credit company server receives the data of the partially private code and the settlement data transmitted from the reading device, decodes the public area based on the data of the partially private code, and records it in the public area. The unique ID is acquired. Then, the encryption key corresponding to the acquired unique ID is read from the server-side storage unit, and the private area of the received partial private code is decrypted based on the read encryption key, and the credit ID Is getting. In this way, in the credit company server having the encryption key corresponding to the unique ID, the private area can be decrypted, and in the unlikely event that the private company code is acquired by another device in the process up to the credit company server Even if it is, the confidentiality will be maintained without decrypting the private area. Therefore, security is perfect.

In the credit company server, each unique ID of each portable terminal is stored in association with each credit ID, and the credit ID corresponding to the unique ID of the portable terminal is stored in the portable terminal. Sending data. On the other hand, the mobile terminal receives the credit ID data transmitted from the credit company server to the mobile terminal and stores it in the terminal-side storage unit. In this way, the credit IDs assigned to the holders of the respective mobile terminals can be centrally managed by the respective mobile terminals, and the credit ID data can be used smoothly when necessary at each mobile terminal.
Further, the mobile terminal records a credit ID in a private area, and in the public area, records a unique ID of the mobile terminal and validity judgment reference data, and generates a code that can partially generate a private code And the generated partially private code is displayed on the display unit. In this way, the credit ID stored in the mobile terminal can be used with a code configuration that is difficult to leak information, which is advantageous in terms of security.
On the other hand, when a partially private code is imaged by the imaging unit, the reading device decrypts at least the data in the public area, and based on the validity judgment reference data obtained by the decryption, the partially private code It is determined whether or not is effective. When it is determined that the partially private code is valid, the credit company server is requested for an encryption key corresponding to the unique ID obtained by decrypting the public area. In this way, the validity of the partially private code can be determined on the reader side before the settlement process, and the partially private code is not used in an illegal manner.
Further, when a request for an encryption key is received from the reading device, the credit company server reads the encryption key corresponding to the unique ID from the server-side storage unit and transmits it to the requesting reading device. Then, the reader acquires the transmitted encryption key, decrypts the private area based on the acquired encryption key, and transmits the credit ID recorded in the private area to the credit company server. is doing. In this way, the private area can be deciphered in the reading device on condition that the partially private code is valid. On the other hand, even if a part of the secret code is acquired by another device in the process up to the reading device, the secret area is not decrypted and the confidentiality is maintained. Accordingly, a situation in which the credit ID is leaked and transmitted to the credit company server in other apparatuses does not occur, and the security is ensured.

In the invention of claim 3, the portable terminal is provided with a validity period data generation unit for generating validity period data based on the generation time of the part of the secret code, and the validity period data generated is determined to be valid. A partly private code is generated with a configuration in which the reference data is recorded in the public area. Then, the determination unit of the reading device determines whether or not the partially closed code is valid based on the valid period data obtained by decoding the public area and the current time.
Even if a third party illegally acquires a part of the private code by imaging or copying, a certain amount of time is required until it is actually used. Therefore, it is rarely used improperly immediately after the generation of the partially private code, and the current time when the partially private code is read by the reading device has passed to some extent from the generation time of the partially private code If the partially private code is treated as invalid, the illegal use of the partially private code can be effectively prevented.

In the invention of claim 4, the credit company server stores the authentication data assigned in association with the unique ID of the portable terminal that is the transmission destination of the credit ID, and with the transmission of the credit ID to the portable terminal, Authentication data assigned to the mobile terminal is transmitted. On the other hand, the mobile terminal receives the authentication data transmitted to the mobile terminal, and generates a part of the secret code with a configuration in which the authentication data is recorded in the public area as the validity determination reference data. If it does in this way, the authentication data given to the portable terminal from the credit company server can be used as a judgment index of the validity of the partial secret code generated by the portable terminal.
Further, the reader accesses the credit company server after decrypting the public area by the decryption unit, and transmits at least one of the unique ID and the authentication data obtained by decrypting the public area. In response to access from the device, the content transmitted from the decrypted content transmitting unit is authenticated. Then, the determination unit of the reading apparatus determines whether or not the partially secret code is valid based on the authentication result by the authentication unit. In this way, it is possible to authenticate on the server side whether or not the transmission content from the decrypted content transmission unit is genuine, and based on the authentication result, it is possible to appropriately determine the validity of the partially private code.

According to a fifth aspect of the present invention, the credit company server includes a server-side data generation unit that generates authentication data in accordance with a predetermined data generation method defined in advance. The mobile terminal also has a terminal-side data generation unit that generates authentication data by a data generation method corresponding to a predetermined data generation method of the credit company server. In this way, authentication data corresponding to the credit company server and the portable terminal can be generated.
In addition, the code generation unit of the mobile terminal generates authentication code generated by the terminal-side data generation unit in the public area as the validity determination reference data, and generates a part of the private code. The department accesses the credit company server, and based on the comparison result comparing the authentication data generated in the server-side data generation part and the authentication data in the public area decrypted by the decryption part, a part of the private code is It is judged whether or not it is valid. In this way, it is possible to appropriately determine whether or not the authentication data in the public domain corresponds to the regular authentication data generated on the server side, and an unauthorized data that does not include authentication data corresponding to the authentication data generated on the server side. Use of some private code can be eliminated.

  The invention of claim 6 is configured such that the server-side transmission unit of the credit company server transmits an encryption key corresponding to the unique ID of the mobile terminal to the mobile terminal, and the code generation unit of the mobile terminal The encrypted data obtained by encrypting the credit ID based on the encryption key transmitted from the credit company server is recorded in the private area. In this way, the credit company server can manage the encryption key in association with the unique ID, and can easily pass the encryption key corresponding to the unique ID of the portable terminal to the portable terminal to which the credit ID is to be given. it can. In addition, since the encryption key corresponding to each unique ID is managed by the credit company server except for the one distributed to the mobile terminal to which each unique ID is assigned, the encryption key distributed on the mobile terminal is used. The partially secret code generated in this way is difficult to decipher with a credit company server or a device other than those authorized by the credit company server, which is advantageous in terms of security.

  In the invention of claim 7, the server-side transmission unit of the credit company server partially represents the encrypted data obtained by encrypting the credit ID corresponding to the unique ID of the mobile terminal with respect to the mobile terminal. An encrypted image expressed by a plurality of cells is transmitted. The code generation unit of the mobile terminal incorporates the encrypted image transmitted from the credit company server as an image of the private area, and records the unique ID of the mobile terminal and the validity judgment reference data in the public area It is configured to generate some private code. In this way, a credit ID can be given in an encrypted state from the credit company server to the mobile terminal, and the mobile terminal can manage the credit ID in an encrypted state (secret state). Therefore, the security at the time of holding credit ID with a portable terminal can be improved, and unauthorized use of credit ID can be prevented more effectively. On the other hand, since the encryption key for decrypting the encrypted image of the credit ID is managed by the credit company server, it is difficult to decrypt it with a device other than the credit company server or a device authorized by the credit company server, and the security is ensured. .

FIG. 1 is an explanatory diagram for conceptually explaining the settlement system according to the first embodiment. 2A is a block diagram schematically illustrating a credit company server used in the settlement system of FIG. 1, and FIG. 2B schematically illustrates a reader used in the settlement system of FIG. It is a block diagram illustrated. FIG. 3 is a block diagram schematically illustrating a mobile terminal used in the settlement system of FIG. FIG. 4 is an explanatory diagram conceptually illustrating data for each customer registered in the credit company server of FIG. FIG. 5 is a flowchart illustrating the flow of code generation / display processing performed in the mobile terminal. FIG. 6 is an explanatory diagram for conceptually explaining a partially private code used in the settlement system of FIG. 7A is an explanatory diagram illustrating the data configuration of the partially private code of FIG. 6, and FIG. 7B is an explanatory diagram illustrating disclosed data recorded in the public area. (C) is explanatory drawing which illustrates the encryption data recorded on a non-public area | region. FIG. 8 is a flowchart illustrating the flow of a code reading process performed by the reading device. FIG. 9 is a flowchart illustrating the flow of code reception / settlement processing performed in the credit company server. FIG. 10 is an explanatory diagram for conceptually explaining the settlement system according to the second embodiment. FIG. 11 is an explanatory diagram conceptually illustrating data for each customer registered in the credit company server in the settlement system of the second embodiment. FIG. 12 is a flowchart illustrating the flow of code generation / display processing performed by the mobile terminal in the payment system according to the second embodiment. FIG. 13 is a flowchart illustrating the flow of a code reading process performed by the reading device in the settlement system of the second embodiment. FIG. 14 is an explanatory diagram for conceptually explaining the payment system according to the third embodiment. FIG. 15 is a flowchart illustrating the flow of code generation / display processing performed by the mobile terminal in the payment system according to the third embodiment. FIG. 16 is an explanatory diagram for conceptually explaining the settlement system according to the fourth embodiment.

[First embodiment]
Hereinafter, a settlement system according to a first embodiment of the present invention will be described with reference to the drawings.
(overall structure)
First, the overall configuration of the payment system 1 will be described with reference to FIG. FIG. 1 is an explanatory diagram schematically illustrating the payment system 1 according to the first embodiment. The payment system 1 shown in FIG. 1 is configured as a system that performs payment when an information user who has a mobile terminal purchases a product or receives a service. This payment system is mainly configured by a payment side system including each credit company server 2 (hereinafter also simply referred to as server 2), a reading device 30, and the like, and the mobile terminal 10.

  In the example of FIG. 1, a plurality of credit company servers 2 (first credit company server 2a, second credit company server 2b, and third credit company server 2c) are provided. Any credit company server 2 is configured as shown in FIG. 2A, for example, and configured to be communicable with a mobile terminal 10 described later via a communication network such as the Internet. These credit company servers 2 are configured as, for example, a computer, configured as a control unit 3 including a CPU, a display unit 4 configured as a liquid crystal monitor, a storage unit 5 including a ROM, a RAM, an HDD, a mouse, a keyboard, and the like. An operation unit 6 to be operated, a communication unit 7 configured as a communication interface, and the like. FIG. 1 shows an example in which three credit company servers 2 (first credit company server 2a, second credit company server 2b, and third credit company server 2c) are connected to the communication network. The number of servers is not limited to the configuration in FIG. 1, and may be, for example, one or a plurality other than three.

  For example, the reading device 30 is arranged at a checkout location such as a store (in the vicinity of a cash register), and serves as a code reading device that reads a partially hidden code C (described later) displayed on the display unit of the mobile terminal 10. It is configured. As shown in FIG. 2B, for example, the reading device 30 includes an imaging unit configured as a camera including a control unit 31 including a CPU and the like, and a light receiving sensor (for example, a C-MOS area sensor, a CCD area sensor, and the like). 32, a display unit 33 including a liquid crystal display, a storage unit 34 including a ROM, a RAM, an HDD, an operation unit 35 configured as various keys and a touch panel, a communication unit 36 configured as a communication interface, and the like. Yes.

  The mobile terminal 10 is configured as a mobile communication device (for example, a mobile phone) having an information processing function. As shown in FIG. 3, a control unit 11 including a CPU, a light receiving sensor (for example, a C-MOS) From an image pickup unit 12 configured as a camera having an area sensor, a CCD area sensor, etc., a display unit 13 configured by a liquid crystal display, an operation unit 14 configured by various operation keys, a ROM, a RAM, a nonvolatile memory, and the like And a communication unit 16 configured as a communication interface for performing communication via a communication network such as the Internet. In addition, in FIG. 1, although the single portable terminal 10 is illustrated typically, the number of the portable terminals 10 connected to a communication network is not specifically limited, A system with the structure by which many portable terminals 10 are connected. Can be built.

  Next, each process performed in the payment system 1 according to the present embodiment will be described. In the payment system 1 according to the present embodiment, a credit data transmission process, a code generation / display process, a code reading process, and a code reception / settlement process are mainly performed. Among these, the credit data transmission process and the code reception / settlement process are performed by the credit company server 2, and the code generation / display process is performed by the mobile terminal 10. The code reading process is performed by the reading device 30. Hereinafter, these processes will be described in detail.

(Credit data transmission process)
First, the credit data transmission process performed by the credit company server 2 will be described.
In this embodiment, in each credit company server 2, for example, registration data as shown in FIG. 4 is recorded in the storage unit 5 (FIG. 2A). In this embodiment, when a credit company issues a credit number to each customer, credit data (credit number, expiration date) assigned to each customer's unique ID (phone number or email address). Data) and the encryption key are associated with each other and stored in the storage unit 5. In the credit company server 2, by performing such registration for each customer, as shown in FIG. 4, for each customer, a unique ID (telephone number or email address) and credit data (credit number (credit ID), data such as an expiration date) and an encryption key are associated with each other, and registration data is generated and stored in the storage unit 5.

  The credit company server 2 registers each customer's data in the storage unit 5 and then transmits the credit data and the encryption key to the customer who should issue the credit number. These data (credit data, encryption key) are mailed to the address of the customer's mobile terminal based on the unique ID of the customer to be sent. The mail transmission may be performed by an operator, for example, or may be automatically performed at a predetermined time.

  In the present embodiment, the storage unit 5 corresponds to an example of a “server-side storage unit”, and functions to store each unique ID of each mobile terminal 10 in association with each credit ID. Further, the control unit 3 and the communication unit 7 correspond to an example of a “server side transmission unit”, and a credit number (credit ID) or an encryption key corresponding to the unique ID of the mobile terminal 10 is given to the mobile terminal 10. Works to send data.

The mobile terminal 10 that has received the mail including the data (credit data, encryption key) from the credit company server 2 stores the data (credit data, encryption key) in the storage unit 15. Here, the credit company server 2 sends the credit data and the encryption key by e-mail to the mobile terminal 10, but the mobile terminal 10 accesses the credit company server 2 and provides its own unique ID. The data corresponding to the unique ID (credit data, encryption key) may be downloaded.
In the present embodiment, the control unit 11 and the communication unit 16 of the mobile terminal 10 correspond to an example of a “terminal side receiving unit”, and the credit ID data transmitted from the “server side transmitting unit” to the mobile terminal 10 is stored. Works to receive. The storage unit 15 corresponds to an example of a “terminal-side storage unit” and functions to store credit ID data received by the “terminal-side reception unit”.

(Code generation / display processing)
Next, code generation / display processing will be described. FIG. 5 is a flowchart illustrating the flow of code generation / display processing performed by the mobile terminal 10. In the present embodiment, for example, when a predetermined operation is performed on the mobile terminal 10, the code generation / display process shown in FIG. 5 is performed. In this process, first, a password receiving process is performed. (S1). In this process, for example, a comment such as “Please enter the password” is displayed on the display unit 13 to prompt the user to input the encryption number, and the password entered on the operation unit 14 in accordance with the display is displayed. Have acquired. Then, authentication is performed by determining whether or not the input personal identification number matches a registered number registered in advance (S2). If they do not match, the process proceeds to No in S2 and the process of S1 is performed. repeat.

  When the process proceeds to Yes in S2, a process of reading out credit data and a unique ID (for example, a telephone number or a mail address) from the storage unit 15 is performed (S3). Among these, the credit data is received from the credit company server 2 and accumulated in the storage unit 15. When a plurality of types of credit data are stored in the storage unit 15, for example, the stored credit data The data may be displayed in a selectable manner so that the user can select which credit data to use. Further, the unique ID (for example, a telephone number or an e-mail address) is stored in advance in the storage unit 15 of the portable terminal 10 as unique to the portable terminal 10.

  After S3, a process of acquiring data at the current time is performed (S4). In the present embodiment, a clock unit having a known configuration (not shown) is provided, and the control unit 11 can always acquire time data from the clock unit. In S <b> 4, the current time (that is, the time when the process of S <b> 4 is executed) is acquired from the clock unit and temporarily stored in the storage unit 15.

  After acquiring the current time data in S4, processing for generating valid period data is performed (S5). In the present embodiment, the current time acquired in S4 corresponds to an example of “partially private code generation time”, and a certain time has elapsed from this current time (for example, 3 times from the current time acquired in S4). (Time when minutes have passed) is generated as “valid period data”. In the present embodiment, the control unit 11 that executes the process of S5 corresponds to an example of a “valid period data generation unit”, and generates valid period data based on the generation time of a part of the private code C. Function. Note that the “valid period data” (that is, data at a certain time after the current time acquired in S4) corresponds to an example of “validity determination reference data”.

  Thereafter, a process for generating a partially private code is performed (S6). In the process of S6, a partially private code C as shown in FIG. 6 is generated. In this partial private code C, a partial area is a private area Cb (an area where encrypted data is recorded), and another area is a public area Cb (unencrypted data is recorded). The area is configured as a two-dimensional code.

  In the present embodiment, the unique ID (for example, telephone number or mail address) of the mobile terminal 10 read in S3 and the validity period data (validity determination reference data) generated in S5 are used as public data. . Further, the credit number (credit ID) read in S3 is set as non-public data. And about non-public data, it is based on the encryption key (The encryption key transmitted from the credit company server 2 matched with the said credit number) corresponding to the credit number (credit ID) etc. read by S3. Is encrypted. For the encryption of the private data, a known common key cryptosystem is used, and the encryption algorithm used for the encryption of the private data in the process of S6 is a decryption algorithm in the credit company server 2 described later. It corresponds.

  Then, the encrypted data encrypted in this way is recorded in the private area Cb, and the public data is recorded in the public area Ca to generate a part of the private code C (FIG. 6A). Yes. Partially private code with some areas as private areas (areas that can be read with the acquisition of encryption keys) and other areas as public areas (areas that can be read without using encryption keys) As a specific configuration of the generation method and the partial private code to be generated, for example, techniques disclosed in Japanese Unexamined Patent Application Publication Nos. 2009-9547 and 2008-299422 can be preferably used. FIG. 7A illustrates a data configuration of a partially private code when the techniques of these publications are used, and among these, “disclosure code” indicates each disclosure as shown in FIG. Data (public data such as unique ID and valid period data) is encoded in accordance with JIS basic specifications (JISX0510: 2004). The “secret code” is encoded according to JIS basic specifications (JISX0510: 2004) as shown in FIG. 7C (encrypted data obtained by encrypting each private data such as a credit number). Is.

  Note that the method for generating a partially private code and the specific configuration of the partially private code to be generated are not limited to this example, and encrypted data is recorded in some areas and non-encrypted in other areas. Any method other than the methods described in these publications may be used as long as it is a method capable of generating a two-dimensional code in which digitized data is recorded.

  In the present embodiment, the control unit 11 that executes the process of S6 corresponds to an example of a “code generation unit”, and a public area Ca and a private area in which encrypted data encrypted based on the encryption key is recorded. It functions to generate a partially private code C having Cb.

  After the process of S6, a process of displaying the partially private code C generated in S6 on the display unit 13 (FIG. 3) is performed (S7). In this display process, for example, the partial private code C generated in S6 may be displayed on the display unit 13 until a predetermined time (for example, several minutes) elapses, and the user performs a predetermined non-display operation. It is good also as a structure which displays the one part private code C on the display part 13 until it performs.

(Code reading process)
Next, the code reading process will be described. FIG. 8 is a flowchart illustrating the flow of code reading processing performed by the reading device 30. The code reading process shown in FIG. 8 is started, for example, when a predetermined operation is performed in the reading device 30, and first, a process of capturing an image of a partially private code C is performed (S10). In this process, when the partially private code C displayed on the display unit 13 in S7 of FIG. 5 is deceived by the imaging unit 32 of the reading device 30, this partially private code C is displayed on the imaging unit 32 (FIG. 5). 2 (b)), and the image data of the partially closed code C obtained by the imaging is stored in the storage unit 34.

After the imaging process of S10, the public area Ca of the partially private code C is decoded. Specifically, based on the image data of the partially private code C obtained in S10, the public area that is not encrypted is decoded by a known method, and the unique ID and the validity period data recorded in the public area are obtained. get.
In the present embodiment, the control unit 31 that performs the process of S11 corresponds to an example of a “decoding unit”. When a part of the private code C is imaged by the imaging unit 32, at least the data in the public area Ca is decoded. To function.

  After the process of S11, it is determined whether or not the current time (the time when the process of S12 is performed) is within the valid period specified by the valid period data obtained in S12. In the present embodiment, the time after a predetermined time has elapsed from the current time acquired in S4 is “valid period data”, and in S12, the current time (the time at which the process of S12 is performed) is indicated by the valid period data. It is judged whether or not. If the current time (the time at which the process of S12 is performed) has passed the time indicated by the valid period data, it is determined that it is not within the valid period (S12: No), and the code reading process is terminated. On the other hand, if the current time (the time when the process of S12 is performed) has not passed the time indicated by the valid period data, it is determined that it is within the valid period (S12: Yes), and the part obtained in S10 The image data (code image) of the private code C is transmitted to the credit company server 2.

  In the present embodiment, the control unit 31 corresponds to an example of a “determination unit”, and is based on “validity determination reference data” obtained by decoding the public area Ca by the “decoding unit”. It functions to determine whether C is valid (specifically, based on the valid period data obtained by decoding the public area Ca and the time (current time) at which the process of S12 is performed) It functions to determine whether or not a partially private code C is valid). The control unit 31 that executes the process of S13 corresponds to an example of a “code data transmission unit”, and when the “determination unit” determines that the partially private code C is valid, It functions to transmit the data of the private code C to the credit company server 2.

  After the process of S13, it is determined whether or not a successful decoding result has been acquired from the credit company server 2 (S14). In the present embodiment, the credit company server 2 that has acquired the image data (code image) of the partially private code C transmitted in S13 performs code reception / settlement processing described later. When the decoding success notification (S25: described later) is made and the reader 30 receives this notification, it is determined that the decoding success result has been acquired, and the process proceeds to Yes in S14. If the notification (S25) is not received within a predetermined time after the process of S13, the process proceeds to No in S14, and the processes after S10 are repeated.

When the process proceeds to Yes in S14, settlement data is transmitted to the credit company server 2 (S15). This payment data includes customer information such as the name of the entity providing the product or service (information that can specify the name of the store, company, etc. (for example, payment code), the content of the product or service, the billing amount, the customer name, etc. Etc. Further, the customer may be requested to input a password, and the password may be included in the settlement data.
In the present embodiment, the control unit 31 that executes the process of S15 corresponds to an example of a “settlement data transmission unit”, and functions to transmit settlement data including at least money amount data to the credit company server 2.

(Code reception and payment processing)
Next, the code reception / settlement process will be described. FIG. 9 is a flowchart illustrating the flow of code reception / settlement processing performed by the credit company server 2. The process shown in FIG. 9 is started, for example, when there is an access from the reading device 30, and first, a process of receiving an image (code image) of the partially private code C transmitted in S13 of FIG. S20).

After the process of S20, a process of decoding the public area Ca of the partially private code C (FIG. 6) received in S20 is performed (S21). In this process, the public area is decoded by a known method, and the unique ID recorded in the public area Ca is read.
In the present embodiment, the control unit 3 that executes the process of S21 corresponds to an example of a “unique ID acquisition unit” and is disclosed based on data of a partially private code C received by the “server side reception unit”. It functions to decrypt the area Ca and acquire the unique ID recorded in the public area Ca.

Then, the encryption key corresponding to the unique ID read in S21 is read from the storage unit 5 (S22). In the present embodiment, the encryption key used when generating the partially private code C and the unique ID of the mobile terminal 10 that has given this encryption key are stored in association with each other (see FIG. 4). ) In S22, the encryption key stored in association with the unique ID read in S21 is read from the storage unit 5 so that the private area of the private code C can be decrypted. The key has been acquired.
In the present embodiment, the control unit 3 that executes the process of S22 corresponds to an example of an “encryption key reading unit”, and stores an encryption key corresponding to the unique ID acquired by the “unique ID acquisition unit”. It functions to read from the unit 5 (server-side storage unit).

Then, after the process of S22, a process of decoding the private area Cb and decrypting the encrypted data is performed (S23). In this process, after the data code recorded in the non-public area Cb (the secret code obtained by encoding the encrypted data) is decoded by a known method, the decoded data is converted into the encryption key (decrypted in S22). Key). In the present embodiment, the decryption algorithm (decryption algorithm) used in the credit company server 2 corresponds to the encryption algorithm used in the mobile terminal 10, and the encryption key used in S6 of FIG. If the encryption key (decryption key) read in S22 matches, the encrypted data in the private area Cb can be decrypted. Note that there are various specific methods for deciphering the non-public area, and for example, methods similar to those disclosed in JP2009-9547A and JP2008-299422A can be used.
In the present embodiment, the control unit 3 that executes the process of S23 corresponds to an example of a “credit ID reading unit”. Based on the encryption key read by the “encryption key reading unit”, the “server side It functions to decrypt the private area Cb of the partially private code C received by the “receiving section” and read the credit ID.

  After S23, it is determined whether or not the private area Cb has been successfully decoded in the process of S23. If the decoding fails (for example, if there is no encryption key that matches the private area Cb in the credit company server 2), the process proceeds to No in S24, and a retransmission request for a part of the private code C is made. (S28). On the other hand, if the decoding succeeds in the private area Cb in S23, the process proceeds to Yes in S24, and the decoding device 30 is notified of the decoding success (S25).

After notifying that the decoding is successful in S25, the payment data transmitted in the process of S15 (FIG. 8) in the code reading process of the reading device 30 is received (S26) and the payment process is performed (S27). In this settlement process, at least the settlement data received in S26 and the credit number (credit ID) obtained by the decoding in S23 are stored in the storage unit 5 in association with each other. As a result, the customer specified by the credit number (credit ID) obtained in S23 and the charge related to the payment data received in S26 can be registered in association with each other and specified for the customer by the payment data. You will be able to claim the amount charged.
In the present embodiment, the control unit 3 and the communication unit 7 that execute the processes of S20 and S26 correspond to an example of a “server side reception unit”, and are transmitted by the “code data transmission unit” of the reading device 30. It functions to receive the data of the part secret code C and the settlement data transmitted by the “settlement data transmission unit”.
The control unit 3 that executes the process of S27 corresponds to an example of a “settlement processing unit”, and the credit ID read by the credit ID reading unit and the settlement data received by the “server side receiving unit” Function to perform payment processing based on

(Main effects of the first embodiment)
In the payment system 1 according to the present embodiment, the credit company server 2 stores each unique ID of each mobile terminal 10 in association with each credit ID, and stores the unique ID of the mobile terminal 10 with respect to the mobile terminal 10. Data of credit ID corresponding to the ID is transmitted. On the other hand, the mobile terminal 10 receives the credit ID data transmitted from the credit company server 2 to the mobile terminal 10 and stores it in the storage unit 15 (terminal-side storage unit). In this way, the credit ID assigned to the owner of each mobile terminal 10 can be centrally managed by each mobile terminal 10, and each mobile terminal 10 can use the data of the credit ID smoothly when necessary. become.
Further, the mobile terminal 10 records the credit ID in the private area Cb, and records the private ID C of the mobile terminal 10 and the validity judgment reference data in the public area Ca. A “code generation unit” that can be generated is provided, and the generated partially private code C is configured to be displayed on the display unit 13. In this way, the credit ID stored in the mobile terminal 10 can be used after having a code configuration that is difficult to leak information, which is advantageous in terms of security.
On the other hand, when a part of the secret code C is imaged by the imaging unit 32, the reading device 30 decodes at least the data in the public area Ca and based on the validity judgment reference data obtained by the decoding. It is determined whether or not the private code C is valid. When it is determined that the partially private code C is valid, the data of the partially private code C is transmitted to the credit company server 2. In this way, the validity of the partially private code C can be determined on the reading device 30 side before the settlement process, and the partially private code C is not used in an illegal manner. In particular, since this determination can be made without decrypting the private area Cb, the credit ID is not leaked during the exchange between the mobile terminal 10 and the reading device 30, which further increases the security. It will be advantageous.
Furthermore, the credit company server 2 receives the data of the partially private code C and the settlement data transmitted from the reading device 30, and decrypts the public area Ca based on the data of the partially private code C. The unique ID recorded in the public area Ca is acquired. And while reading the encryption key corresponding to the acquired unique ID from the memory | storage part 5 (server side memory | storage part), based on the read encryption key, the private area | region of the partial private code C received Cb is decoded and a credit ID is obtained. In this way, in the credit company server 2 having the encryption key corresponding to the unique ID, the private area Cb can be decrypted, and in the unlikely event that the private company C reaches the credit company server 2, Even if it is acquired by the apparatus, the secret area Cb is not decrypted and the confidentiality is maintained. Therefore, security is perfect.

In the payment system 1 according to the present embodiment, the mobile terminal 10 is provided with a “valid period data generation unit” that generates valid period data based on the generation time of the partial secret code C. The private code C is partially generated in such a configuration that the valid period data is recorded in the public area Ca as validity judgment reference data. Then, the reading device 30 determines whether or not the partially private code C is valid based on the valid period data obtained by decoding the public area Ca and the current time.
Even if a third party illegally obtains a part of the private code C by imaging or copying, a certain amount of time is required until it is actually used. Therefore, it is rarely used improperly immediately after the partial private code C is generated, and the current time when the partial private code C is read by the reading device 30 has passed to some extent from the generation time of the partial private code C. In such a case, if the partially private code C is treated as invalid, the illegal use of the partially private code C can be effectively prevented.

  In the present embodiment, the “server-side transmission unit” of the credit company server 2 is configured to transmit an encryption key corresponding to the unique ID of the mobile terminal 10 to the mobile terminal 10. The “code generation unit” 10 is configured to record the encrypted data obtained by encrypting the credit ID in the private area Cb based on the encryption key transmitted from the credit company server 2. In this way, the credit company server 2 can manage the encryption key in association with the unique ID, and easily provide the encryption key corresponding to the unique ID of the mobile terminal 10 to the mobile terminal 10 to which the credit ID is to be given. Can pass. Further, since the encryption key corresponding to each unique ID is managed by the credit company server 2 except for the one distributed to the mobile terminal 10 to which each unique ID is assigned, the encryption key distributed in the mobile terminal 10 is encrypted. The partially private code C generated by using the key is difficult to decipher except for the credit company server 2 or a device permitted by the credit company server 2, which is more advantageous in terms of security.

[Second Embodiment]
Next, a second embodiment will be described. FIG. 10 is an explanatory diagram for conceptually explaining the settlement system according to the second embodiment. FIG. 11 is an explanatory diagram conceptually illustrating data for each customer registered in the credit company server in the settlement system of the second embodiment. FIG. 12 is a flowchart illustrating the flow of code generation / display processing performed by the mobile terminal in the payment system according to the second embodiment. FIG. 13 is a flowchart illustrating the flow of a code reading process performed by the reading device in the settlement system of the second embodiment.

  The second embodiment differs from the first embodiment only in credit data transmission processing, code generation / display processing, code reading processing, code reception / settlement processing, and data contents for each customer registered in the credit company server. Other than that, the second embodiment is the same as the first embodiment. For example, since the hardware configuration is the same as that of the first embodiment, it will be described with reference to FIGS. 2 and 3 as appropriate. Further, the configuration of the partially private code is different from the first embodiment only in specific data contents, and the other configuration, generation method, and decryption method are the same as those in the first embodiment. Therefore, description will be made with reference to FIG. 6 as appropriate.

  First, credit data transmission processing will be described. In this embodiment, in each credit company server 2, for example, registration data as shown in FIG. 11 is recorded in the storage unit 5 (FIG. 2A). In this registration data, authentication data is assigned to each customer in addition to the configuration of FIG.

In the credit company server 2, after registering each customer's data in the memory | storage part 5, credit data is transmitted with respect to the customer which should issue a credit number (refer FIG. 10). This credit data is sent by e-mail to the address of the customer's mobile terminal based on the unique ID of the customer to be sent. Note that the mail transmission may be performed by an operator, for example, as in the first embodiment, or may be automatically performed at a predetermined time.
Also in this embodiment, the credit data transmitted from the credit company server 2 to the mobile terminal 10 is stored in the storage unit 15 on the mobile terminal side, and this storage unit 15 is an example of the “terminal side storage unit”. It corresponds to.

  Next, code generation / display processing will be described. Also in this embodiment, the code generation / display process shown in FIG. 12 is performed by performing a predetermined operation on the mobile terminal 10. In the process of FIG. 12, first, the same processes (S201 to S203) as S1 to S3 of the first embodiment are performed.

After reading out the credit data (credit number (credit ID), etc.) and unique ID (telephone number, e-mail address, etc.) in S203, as shown in FIG. A unique ID (telephone number, mail address, etc.) is transmitted, and request data for requesting an encryption key and authentication data is transmitted (see also FIG. 10). When the unique ID and the request data are transmitted from the mobile terminal 10, the credit company server 2 reads the authentication data and the encryption key corresponding to the transmitted unique ID from the storage unit 5 (FIG. 2 ( a) and FIG. 11), these authentication data and encryption key are transmitted to the portable terminal 10 of the transmission source. Here, the credit company server 2 shows an example in which the encryption key and the authentication data are stored in advance in association with each unique ID (see FIG. 11). An encryption key generation program (for example, a random number generation program for generating an encryption key) or a predetermined authentication data generation program for generating authentication data (for example, a random number generation program for generating authentication data) is provided. When processing is performed, an encryption key and authentication data corresponding to the transmitted unique ID are newly generated, and the generated encryption key and authentication data are transmitted to the mobile terminal 10, and these are unique. The information may be stored in the storage unit 5 in association with the ID.
In the present embodiment, the storage unit 5 corresponds to an example of an “authentication data storage unit”, stores each unique ID of each portable terminal in association with each credit ID, and stores the credit ID transmission destination. It functions to store authentication data assigned in association with the unique ID of the mobile terminal 10. In addition, the control unit 3 corresponds to an example of a “server side transmission unit”, and the credit ID data corresponding to the unique ID of the mobile terminal 10 or the authentication assigned to the mobile terminal 10 with respect to the mobile terminal 10 Works to send data.

After the processing of S204, the mobile terminal 10 waits until the encryption key and the authentication data are transmitted from the credit company server 2, and when the transmission is made from the credit company server 2, as shown in FIG. The encryption key and authentication data transmitted from the server 2 are received and stored in the storage unit 15 (S205).
In the present embodiment, the control unit 11 and the communication unit 16 correspond to an example of a “terminal side receiving unit”, and the credit number (from the “server side transmitting unit” of the credit company server 2 to the mobile terminal 10 ( (Credit ID) and the like, and also functions to receive authentication data transmitted from the “server-side transmitter” to the portable terminal.

After S205, as shown in FIG. 12, a process for generating a partially private code C is performed (S206). Also in this embodiment, credit data including a credit number (credit ID) or the like is recorded in the non-public area Cb, and the unique ID (telephone number, e-mail address, etc.) of the mobile terminal 10 and the legitimate ID are properly registered in the public area Ca. The private code C is partially generated with the configuration for recording the sex determination reference data, and specifically, the authentication data received in S205 is recorded in the public area Ca as the validity determination reference data. Some private code C is generated. In the present embodiment, only the specific content of the validity judgment reference data is different from that of the first embodiment, and the method for generating a partially private code C is the same as S6 (FIG. 5) of the first embodiment. It is.
Also in the present embodiment, the control unit 11 corresponds to an example of a “code generation unit”.

  After S206, as shown in FIG. 12, a process for displaying the partially private code C generated in S206 on the display unit 13 is performed (S207). Note that the process of S207 is the same as S7 (FIG. 5) of the first embodiment.

  Next, a code reading process performed in the second embodiment will be described. The code reading process shown in FIG. 13 is started, for example, when a predetermined operation is performed in the reading device 30, and first, a process of imaging a partially private code C is performed (S211), and further, a partially private code is performed. The public area Ca of C is decoded (S212). Further, the processes of S211 and S212 are the same as S10 and S11 of the first embodiment. In the present embodiment, since authentication data and a unique ID (telephone number, mail address, etc.) are recorded in the public area Ca, these data are acquired in the process of S212.

  After the process of S212, as shown in FIG. 13, the process of transmitting the authentication data and the unique ID acquired in the process of S212 to the credit company server 2 is performed (S213). In the present embodiment, the control unit 31 and the communication unit 36 correspond to an example of a “decryption content transmission unit”. After the decryption of the public area Ca by the “decryption unit”, the credit company server 2 is accessed and the public area Ca It functions to transmit a unique ID and authentication data obtained by decryption.

  In the credit company server 2 that can receive the data transmitted in S213, the transmission process in S213 is performed, and when there is an access from the reading device 30, the transmission content in S213 is authenticated according to this access. ing. Specifically, the authentication data (FIG. 11) corresponding to the unique ID transmitted in the process of S213 is read from the storage unit 5, and the read authentication data (registered authentication data) and the process of S213 are performed. It is determined whether or not the transmitted authentication data (authentication data received by the credit company server 2) matches. If the authentication data matches, data indicating that the authentication is successful (authentication success data) is transmitted to the reading device 30 that is the access source. In the present embodiment, the control unit 3 that performs such processing corresponds to an example of an “authentication unit”, and content transmitted from the “decrypted content transmitting unit” (unique ID and authentication data transmitted in S213). Function to authenticate

As shown in FIG. 13, on the reading device 30 side, it is determined whether authentication at the credit company server 2 has succeeded (that is, whether authentication success data has been transmitted from the credit company server 2) (S214). If the authentication fails, the process proceeds to No in S214 and the code reading process is terminated.
In the present embodiment, the control unit 31 that performs the process of S214 corresponds to an example of a “determination unit”, and is based on authentication data (validity determination reference data) obtained by decoding the public area Ca (more specifically, Specifically, it is determined whether or not the partially private code C is valid (based on the authentication result by the “authentication means” made when the authentication data is transmitted to the credit company server 2).

  If it is determined in the determination process of S214 that the authentication has succeeded (that is, if authentication success data has been transmitted from the credit company server 2), the process proceeds to Yes in S214 to request an encryption key (S215). In this process, the unique ID acquired in S212 and request data for requesting the encryption key are transmitted to the credit company server 2. In the present embodiment, the control unit 31 and the communication unit 36 that perform the processing of S215 correspond to an example of an “encryption key request unit”, and that the partially-disclosure code C is valid by the “determination unit”. When it is determined, the credit company server 2 functions to request an encryption key corresponding to the unique ID obtained by decrypting the public area Ca.

In the credit company server 2 that can receive the request data transmitted in S215, when the transmission process of S215 is performed and an encryption key is requested from the reading device 30, the above-described authentication process (in the process of S213) is performed. The encryption key corresponding to the unique ID transmitted in S215 is read from the storage unit 5 (see FIG. 2A and FIG. 11) on the condition that the authentication is successful in the authentication process performed in response) The encryption key is transmitted to the requesting reading device 30.
In this embodiment, the control unit 3 of the credit company server 2 corresponds to an example of an “encryption key reading unit”, and the encryption key corresponding to the unique ID requested by the “encryption key requesting unit”. Is read out from the storage unit 5 (server-side storage unit). The control unit 3 and the communication unit 7 correspond to an example of an “encryption key transmission unit”, and transmit the encryption key read by the “encryption key reading unit” to the reading device 30 that is a request source. To function.

The reader 30 waits after the process of S215 until the encryption company server 2 transmits the encryption key. When the encryption key is transmitted, the reader 30 performs a process of receiving the encryption key. (S216).
In the present embodiment, the control unit 31 and the communication unit 36 correspond to an example of an “encryption key acquisition unit”, and acquire the encryption key transmitted by the “encryption key transmission unit”. Function.

After the process of S216, as shown in FIG. 13, a process of decoding the private area Cb of the partially private code C and decrypting the encrypted data is performed (S217). In the process of S217, the encrypted data in the private area Cb is decrypted based on the encryption key received in S216. Specifically, the process is the same as S23 performed in the credit company server 2 in the first embodiment. Decryption is performed by this method.
In this embodiment, the control unit 31 that executes the processes of S212 and S217 corresponds to an example of a “decryption unit”. At least the public area Ca is decrypted, and the encryption key is obtained by the “encryption key acquisition unit”. When it is acquired, it functions to decrypt the private area Cb based on the acquired encryption key.

  After the process of S217, as shown in FIG. 13, a process of transmitting settlement data to the credit company server 2 is performed (S218). This process is the same as S15 (FIG. 8) of the first embodiment, and the settlement data to be transmitted is the same as that of the first embodiment (the name of the entity providing the product or service (name of store, company name, etc.). Identifiable information (for example, payment destination code)), product or service content, billing amount, customer information such as customer name, etc.). In the present embodiment, the control unit 31 that executes the process of S218 corresponds to an example of a “settlement data transmission unit”.

In the credit company server 2 that can receive the payment data transmitted in S218, after receiving the payment data transmitted in S218, the same payment processing (S27: FIG. 9) as in the first embodiment is performed. ing.
In the present embodiment, the control unit 3 corresponds to an example of a “settlement processing unit”, and functions to perform a settlement process based on the settlement data transmitted by the “settlement data transmission unit” of the reading device 30.

(Main effects of the second embodiment)
According to the settlement system 1 of the present embodiment, the credit IDs assigned to the holders of the respective mobile terminals 10 can be centrally managed by the respective mobile terminals 10, and the credit ID data can be smoothly transferred to each mobile terminal 10 when necessary. It becomes available.
Further, since the credit ID stored in the mobile terminal 10 can be used after having a code configuration that is difficult to leak information, it is advantageous in terms of security.
Further, since the validity of the partially private code C can be determined on the reading device 30 side before the settlement process, the partially private code C is not used in an illegal manner.
Furthermore, the private area Cb can be decrypted by the reader 30 on condition that the partially private code C is valid. On the other hand, even if a part of the secret code C is acquired by another device in the process up to the reading device 30, the secret area Cb is not decrypted and the confidentiality is maintained. Accordingly, a situation in which the credit ID is leaked and transmitted to the credit company server 2 in other devices does not occur, and security is ensured.

In the present embodiment, the credit company server 2 stores authentication data assigned in association with the unique ID of the mobile terminal 10 that is the transmission destination of the credit ID, and transmits the credit ID to the mobile terminal 10. Accordingly, authentication data assigned to the mobile terminal 10 is transmitted. On the other hand, the mobile terminal 10 receives the authentication data transmitted to the mobile terminal 10 and generates a part of the private code C in a configuration in which this authentication data is recorded in the public area Ca as validity judgment reference data. . If it does in this way, the authentication data given to the portable terminal 10 from the credit company server 2 can be used as a judgment index of the validity of the partially private code C generated by the portable terminal 10.
Furthermore, in this embodiment, the reader 30 accesses the credit company server 2 after decrypting the public area Ca in S212, and transmits the unique ID and authentication data obtained by decrypting the public area Ca (S213). The credit company server 2 authenticates the transmission content (unique ID and authentication data) in response to access from the reading device 30. Then, the “determination unit” of the reading device 30 determines whether or not the partially secret code C is valid based on the authentication result in the credit company server 2. In this way, it is possible to authenticate on the server side whether or not the transmission contents (unique ID and authentication data) in S213 are legitimate, and the validity of the partially private code C is appropriately determined based on the authentication result. Can be judged.

  Further, in the settlement system of this embodiment, the credit company server 2 uses the method of leaving the authentication history of each authentication data or the method of deleting the authentication data used once, etc. May not be used again. In this way, when the authentication data transmitted in the process of S213 has already been authenticated, it can be treated as an authentication failure in the credit company server 2, and the authentication data once used can be repeatedly illegally used. It can be effectively prevented.

[Third Embodiment]
Next, a third embodiment will be described. FIG. 14 is an explanatory diagram for conceptually explaining the payment system according to the third embodiment. FIG. 15 is a flowchart illustrating the flow of code generation / display processing performed by the mobile terminal in the payment system according to the third embodiment.

  The third embodiment differs from the second embodiment only in credit data transmission processing, code generation / display processing, and server-side authentication processing, and is otherwise the same as the second embodiment. The credit data transmission process is the same as that in the first embodiment. As shown in FIG. 14, credit data (credits) corresponding to the unique ID of the mobile terminal 10 is sent from the credit company server 2 to the mobile terminal 10. Number (credit ID) and the like and an encryption key are transmitted.

  In the present embodiment, code generation / display processing is performed in the flow as shown in FIG. 15, for example. In this code generation / display processing, first, processing similar to S1 to S4 (S311 to S314) of the first embodiment is performed, and thereafter processing for generating authentication data is performed (S315). .

  In this embodiment, the credit company server 2 is provided with an authentication data generation program, and it is possible to generate authentication data according to a predetermined data generation method defined in advance. The mobile terminal 10 is also provided with an authentication data generation program for generating authentication data by the same data generation method as the predetermined data generation method of the credit company server. The authentication data generation program is given to the mobile terminal 10 by a method such as downloading from the credit company server 2, for example.

  Various methods can be considered as the above-mentioned “predetermined predetermined data generation method”. For example, unique data assigned to each unique ID (for example, credit number or assigned data assigned to each customer separately from the credit number) ) Is multiplied by a predetermined prime number defined in advance, the last 8 digits of the value obtained by the multiplication is selected, and the selected lower 8 digit number is multiplied by the predetermined prime number again. An example in which the last 8 digits of the calculated value is “authentication data” can be considered. In addition, the example of “predetermined predetermined data generation method” is not limited to this. For example, a calculation formula including time information such as the date and time when the authentication data is generated (for example, assigned to each customer). If the authentication data is generated by a calculation formula that multiplies the value obtained by time information such as the date and time for generating the authentication data), a part of the private code C Can be effectively prevented from being misused.

  In the present embodiment, the control unit 3 that executes the authentication data generation program on the credit company server side corresponds to an example of a “server side data generation unit”. In addition, the control unit 11 that executes the authentication data generation program on the mobile terminal 10 side corresponds to an example of a “terminal side data generation unit”.

After generating the authentication data in S315, the authentication data obtained in S315 and the unique ID obtained in S313 are recorded in the public area Ca, and credit data such as a credit number (credit ID) is kept in the private area. A partially private code C is generated in a form recorded in Cb (S316), and the generated partially private code C is displayed on the display unit 13 (S317). Note that the method for generating the partially private code C in S316 is the same as S6 (FIG. 5) of the first embodiment, and the display process of S317 is the same as S7 (FIG. 5).
In this embodiment, the control unit 11 that executes the process of S316 corresponds to an example of a “code generation unit”, and authentication data generated by the “terminal side data generation unit” is referred to as “validity determination reference data”. It functions to generate a partly private code C with a configuration of recording in the public area Ca.

  Next, the code reading process performed in this embodiment will be described. Also in the present embodiment, the same code reading process (FIG. 13) as in the second embodiment is performed, and the unique ID and authentication data recorded in the public area Ca are transmitted to the credit company server 2 by the process of S213. (See also FIG. 14).

  In the credit company server 2 that can receive the data transmitted in S213 (FIG. 13), the transmission process in S213 is performed, and when there is an access from the reading device 30, the transmission in S213 is performed according to this access. The contents are authenticated. Specifically, the authentication data is generated using the same program as the authentication data generation program used in the mobile terminal 10. Then, it is determined whether or not the generated authentication data matches the authentication data transmitted by the processing of S213 (authentication data received by the credit company server 2). If the authentication data matches, data indicating that the authentication is successful (authentication success data) is transmitted to the reading device 30 that is the access source.

  As shown in FIG. 13, on the reading device 30 side, it is determined whether authentication at the credit company server 2 has succeeded (that is, whether authentication success data has been transmitted from the credit company server 2) (S214). If the authentication fails, the process proceeds to No in S214 and the code reading process is terminated. If the authentication is successful, the process proceeds to Yes in S214, and the same processes of S215 to S218 as in the second embodiment are performed. In this embodiment, the control unit 31 that performs the process of S214 corresponds to an example of a “determination unit”, accesses the credit company server 2, and generates authentication data generated in the “server-side data generation unit” and “ It functions to determine whether or not the partially private code C is valid based on the comparison result obtained by comparing the authentication data in the public area Ca decrypted by the decryption unit.

(Main effects of the third embodiment)
In the payment system according to the present embodiment, the credit company server 2 is provided with a “server-side data generation unit” that generates authentication data in accordance with a predetermined data generation method defined in advance. Further, the mobile terminal is provided with a “terminal-side data generation unit” that generates authentication data by a data generation method corresponding to the predetermined data generation method of the credit company server 2. In this way, it becomes possible to generate corresponding authentication data between the credit company server 2 and the mobile terminal 10.
Further, the “code generation unit” of the mobile terminal 10 is configured to record the authentication data generated by the “terminal-side data generation unit” in the public area Ca as the validity determination reference data, and a partially private code C The “determination unit” of the reading device 30 that has been generated accesses the credit company server 2, and the authentication data generated in the “server-side data generation unit” and the public area Ca decrypted by the “decryption unit”. It is determined whether or not the partially secret code C is valid based on the comparison result obtained by comparing with the authentication data. In this way, it is possible to appropriately determine whether or not the authentication data in the public area Ca corresponds to the regular authentication data generated on the server side, and the fraud that does not include the authentication data corresponding to the authentication data generated on the server side. Use of some private code.

[Fourth Embodiment]
Next, a fourth embodiment will be described. FIG. 16 is an explanatory diagram for conceptually explaining the settlement system according to the fourth embodiment. The fourth embodiment differs from the third embodiment only in the credit data transmission process and the code generation / display process, and is otherwise the same as the third embodiment.

  First, credit data transmission processing will be described. Also in this embodiment, in each credit company server 2, for example, registration data as shown in FIG. 4 is recorded in the storage unit 5 (FIG. 2A). In the credit company server 2, first, a credit number (credit ID) ) And the like, the encryption key assigned to the customer who should issue the credit data is read out, and the credit data is encrypted using this encryption key. Then, a partially private code C in which the encrypted data is recorded in the private area Cb is generated. The method for generating this partially private code C is the same as S6 (FIG. 5) of the first embodiment. Here, only the private area Cb is generated, and the public area Cb is blank. The image data of only the non-public area Cb is generated.

After generating the image data of the non-public area Cb in this way, this image data is mailed to the address of the customer's mobile terminal based on the unique ID of the customer to be sent (see FIG. 16). The image data is received by the destination mobile terminal 10 and stored in the storage unit 15.
In the present embodiment, the control unit 3 and the communication unit 7 of the credit company server 2 correspond to an example of a “server side transmission unit”, and the credit ID corresponding to the unique ID of the mobile terminal 10 is encrypted with respect to the mobile terminal 10. An encrypted image of the encrypted data (specifically, an encrypted image obtained by expressing the encrypted data by a plurality of cells representing a part of the private code C) is transmitted.

  Next, code generation / display processing performed in the present embodiment will be described. Also in the present embodiment, as shown in FIG. 15, code generation / display is performed in the same flow as in the third embodiment. In this code generation / display processing, the processing of S311 to S315 is the same as that of the third embodiment, and only the point that the image data acquired from the credit company server 2 is read in place of the credit data in S313 is the third. It is different from the embodiment.

After the process of S315, a process of generating a partially private code C is performed (S316). In this process, the encrypted image transmitted from the credit company server 2 is incorporated as an image in the private area Cb, and the unique ID read in S313 and the authentication data (validity generated in S315) are included in the public area Ca. A partially private code C is generated with a configuration for recording (determination reference data). The method for generating the partially private code C is the same as S6 (FIG. 5) of the first embodiment, but in this embodiment, the encrypted data has already been encoded and the image of the private area Cb has already been generated. Therefore, in S316, the public data (unique ID, authentication data, etc.) to be recorded in the public area is encoded and assigned to the public area Ca, and the image of the non-public area Cb is incorporated in this. Error code data is generated and incorporated into the error correction area, thereby generating a partially private code C.
In the present embodiment, the control unit 11 corresponds to an example of a “code generation unit”, and an encrypted image transmitted from the credit company server 2 is incorporated as an image of the non-public area Cb, and the portable area is included in the public area Ca. It functions to generate a partly private code C in a configuration that records the unique ID of the terminal 10 and the validity judgment reference data.

  The partially private code C generated in S316 is displayed in the same manner as in the third embodiment (S317), and is the same as in the third embodiment by the code reading process (FIG. 13) performed in the reading device 30. Will be read. In the code reading process of FIG. 13, the encryption key is transmitted from the credit company server 2 in response to the request in S215. In the present embodiment, the image of the non-public area Cb is transmitted in the credit data transmission process described above. Since the encryption key used at the time of generation is associated with the unique ID, the encryption key used at the time of generating the image of the private area Cb is read from the credit company server 2 based on the unique ID transmitted in S215. It will be transmitted to the device 30.

(Main effects of the fourth embodiment)
In the payment system according to the present embodiment, the “server-side transmission unit” of the credit company server 2 partially sends encrypted data obtained by encrypting the credit ID corresponding to the unique ID of the mobile terminal 10 to the mobile terminal 10. An encrypted image expressed by a plurality of cells representing a part of the private code C is transmitted. Then, the “code generation unit” of the mobile terminal 10 incorporates the encrypted image transmitted from the credit company server 2 as an image of the private area Cb, and determines the unique ID and validity of the mobile terminal 10 in the public area Ca. A partly private code C is generated in a configuration for recording the reference data. In this way, the credit company server 2 can give the credit ID to the mobile terminal 10 in an encrypted state, and the mobile terminal 10 can manage the credit ID in an encrypted state (secret state). Therefore, the security at the time of holding credit ID in the portable terminal 10 can be improved, and unauthorized use of credit ID can be prevented more effectively. On the other hand, since the encryption key for decrypting the encrypted image of the credit ID is managed by the credit company server 2, it is difficult to decrypt the credit key by the credit company server 2 or a device other than the device authorized by the credit company server 2. Be thorough.

[Other Embodiments]
The present invention is not limited to the embodiments described with reference to the above description and drawings. For example, the following embodiments are also included in the technical scope of the present invention.

  In the second to fourth embodiments, when authentication is successful in the authentication process of the credit company server 2 performed according to the process of S213 in FIG. 13, an encryption key is sent from the credit company server 2 to the reading device 30. And when the reading device 30 partially decrypts the private code C, but the authentication is successful in the authentication processing of the credit company server 2 performed in accordance with the processing of S213, the reading device 30 sends the credit company You may make it transmit the image data of the partial secret code C with respect to the server 2. FIG. In this case, the credit company server 2 may perform code reception / settlement processing as shown in FIG. The reading device 30 may omit S216 and S217 in the processing of FIG. 13 and perform the processing of S218 when there is a notification of successful decoding (S25: FIG. 9).

DESCRIPTION OF SYMBOLS 1 ... Payment system 2 ... Credit company server 3 ... Control part (Server side transmission part, Server side receiving part, Unique ID acquisition part, Encryption key reading part, Credit ID reading part, Payment processing part, Encryption Key transmission unit, authentication data reading unit, server side data generation unit)
5... Storage unit (server side storage unit, authentication data storage unit)
7. Communication unit (server side transmission unit, server side reception unit, encryption key transmission unit)
10: Portable terminal 11: Control unit (code generation unit, terminal side reception unit, effective period data generation unit, terminal side data generation unit)
13 ... Display unit 15 ... Storage unit (terminal-side storage unit)
16: Communication unit (terminal side receiving unit)
30: Reading device 31: Control unit (decryption unit, determination unit, code data transmission unit, settlement data transmission unit, encryption key request unit, encryption key acquisition unit, unique ID transmission unit)
32 ... Imaging unit 36 ... Communication unit (Code data transmission unit, payment data transmission unit, encryption key request unit, encryption key acquisition unit, unique ID transmission unit)
C: Partially private code Ca ... Public area Cb ... Private area

Claims (7)

A code generation unit capable of generating a partially private code having a public region and a private region in which encrypted data encrypted based on the encryption key is recorded; and the one generated by the code generation unit A mobile terminal comprising a display unit for displaying a private code,
A server-side storage unit that stores each unique ID of each portable terminal in association with each credit ID, and a server side that transmits the credit ID data corresponding to the unique ID of the portable terminal to the portable terminal A credit company server comprising: a transmission unit;
A reading device that reads the partially private code displayed on the display unit of the mobile terminal;
A payment system comprising:
The portable terminal is
A terminal-side receiving unit that receives data of the credit ID transmitted from the server-side transmitting unit of the credit company server to the mobile terminal;
A terminal-side storage unit that stores data of the credit ID received by the terminal-side receiving unit;
With
The code generation unit is configured to record the credit ID in the non-public area, and to record the unique ID of the portable terminal and validity determination reference data in the public area, Generate and
The display unit is configured to display the partially private code generated by the code generation unit;
The reader is
An imaging unit that images the partially-disclosed code displayed on the display unit of the mobile terminal;
A decoding unit that decodes at least the data in the public area when the partially private code is imaged by the imaging unit;
A determination unit that determines whether or not the partially private code is valid based on the validity determination reference data obtained by decoding the public area by the decoding unit;
A code data transmitting unit that transmits data of the partially private code to the credit company server when the determining unit determines that the partially private code is valid;
A payment data transmission unit for transmitting payment data including at least money amount data to the credit company server;
With
The credit company server is
A server-side receiving unit that receives the data of the partially private code transmitted by the code data transmitting unit of the reader and the payment data transmitted by the payment data transmitting unit;
A unique ID acquisition unit that decodes the public area based on the data of the partially private code received by the server-side receiving unit and acquires the unique ID recorded in the public area;
An encryption key reading unit that reads the encryption key corresponding to the unique ID acquired by the unique ID acquisition unit from the server-side storage unit;
Based on the encryption key read by the encryption key reading unit, the private ID of the partial private code received by the server-side receiving unit is decrypted to read the credit ID And
A payment processing unit that performs a payment process based on the credit ID read by the credit ID reading unit and the payment data received by the server-side receiving unit;
A payment system characterized by comprising: A code generation unit capable of generating a partially private code having a public region and a private region in which encrypted data encrypted based on the encryption key is recorded; and the one generated by the code generation unit A mobile terminal comprising a display unit for displaying a private code,
A server-side storage unit that stores each unique ID of each portable terminal in association with each credit ID, and a server side that transmits the credit ID data corresponding to the unique ID of the portable terminal to the portable terminal A credit company server comprising: a transmission unit;
A reading device that reads the partially private code displayed on the display unit of the mobile terminal;
A payment system comprising:
The portable terminal is
A terminal-side receiving unit that receives data of the credit ID transmitted from the server-side transmitting unit of the credit company server to the mobile terminal;
A terminal-side storage unit that stores data of the credit ID received by the terminal-side receiving unit;
With
The code generation unit is configured to record the credit ID in the non-public area, and to record the unique ID of the portable terminal and validity determination reference data in the public area, Generate and
The display unit is configured to display the partially private code generated by the code generation unit;
The reader is
An imaging unit that images the partially-disclosed code displayed on the display unit of the mobile terminal;
A decoding unit that decodes at least the data in the public area when the partially private code is imaged by the imaging unit;
A determination unit that determines whether or not the partially private code is valid based on the validity determination reference data obtained by decoding the public area by the decoding unit;
When the determination unit determines that the partially private code is valid, the credit company server is requested for the encryption key corresponding to the unique ID obtained by decrypting the public area. An encryption key request part;
A payment data transmission unit for transmitting payment data including at least money amount data to the credit company server;
With
The credit company server is
An encryption key reading unit that reads out the encryption key corresponding to the unique ID requested by the encryption key requesting unit from the server-side storage unit;
An encryption key transmitting unit that transmits the encryption key read by the encryption key reading unit to the reading device of the request source;
A payment processing unit for performing payment processing based on the payment data transmitted by the payment data transmission unit;
With
Furthermore, the reader is
An encryption key acquisition unit for acquiring the encryption key transmitted by the encryption key transmission unit;
When the encryption key is acquired by the encryption key acquisition unit, the decryption unit decrypts the private area based on the acquired encryption key,
When the private area is decrypted by the decryption unit, the payment data transmission unit is configured to transmit the credit ID recorded in the private area to the credit company server,
The payment system, wherein the payment processing unit of the credit company server performs the payment processing on the payment data based on the credit ID transmitted by the payment data transmission unit. The portable terminal is
With an effective period data generation unit for generating effective period data based on the generation time of the partially private code,
The code generation unit is configured to record the validity period data as the validity judgment reference data in the public area, and generate the partially private code,
The determination unit of the reader determines whether or not the partial private code is valid based on the validity period data obtained by decoding the public area by the decoding unit and the current time. The settlement system according to claim 1 or 2, characterized in that: The credit company server is
An authentication data storage unit that stores authentication data assigned in association with the unique ID of the mobile terminal that is the transmission destination of the credit ID;
The server-side transmitter is configured to transmit the authentication data assigned to the mobile terminal to the mobile terminal,
The portable terminal is
The terminal-side receiving unit receives the authentication data transmitted from the server-side transmitting unit to the mobile terminal,
In the configuration in which the code generation unit records the authentication data received by the terminal side reception unit as the validity determination reference data in the public area, the partial private code is generated,
The reading device accesses the credit company server after decoding the public area by the decoding unit, and transmits at least one of the unique ID and the authentication data obtained by decoding the public area With
The credit company server includes an authentication unit that authenticates the content transmitted from the decrypted content transmitting unit in response to access from the reader.
The determination unit according to claim 1 or 2, wherein the determination unit of the reader determines whether or not the partial secret code is valid based on an authentication result by the authentication unit. Payment system. The credit company server includes a server-side data generation unit that generates authentication data according to a predetermined data generation method defined in advance,
The portable terminal is
A terminal-side data generation unit that generates authentication data in a data generation method corresponding to the predetermined data generation method of the credit company server;
The code generation unit is configured to record the authentication data generated in the terminal-side data generation unit in the public area as the validity determination reference data, and to generate the partially private code,
The determination unit of the reading device accesses the credit company server and compares the authentication data generated in the server-side data generation unit with the authentication data in the public area decrypted by the decryption unit. 3. The settlement system according to claim 1, wherein it is determined whether or not the partially private code is valid based on a comparison result. The server side transmission unit of the credit company server transmits the encryption key corresponding to the unique ID of the mobile terminal to the mobile terminal,
The code generation unit of the mobile terminal records the encrypted data obtained by encrypting the credit ID based on the encryption key transmitted from the credit company server in the private area. The settlement system according to any one of claims 1 to 5. The server-side transmission unit of the credit company server includes a plurality of pieces of encrypted data obtained by encrypting the credit ID corresponding to the unique ID of the mobile terminal with respect to the mobile terminal. Send an encrypted image represented by a cell of
The code generation unit of the mobile terminal incorporates the encrypted image transmitted from the credit company server as an image of the non-public area, and the unique ID of the mobile terminal and the validity judgment criterion are included in the public area. The settlement system according to any one of claims 1 to 5, wherein the partially private code is generated in a configuration for recording data.

Images