JP2020017323A - Multifunction card, integrated circuit for settlement, and function card circuit - Google Patents

Abstract

To record the use history of a multifunction card.SOLUTION: A multifunction card includes a memory and a processor. The memory stores first data used in a first function for settlement, second data used in a second function different from the first function, and history information on the first function and the second function. The processor transmits, when a user uses the first function, the first data to a first device and causes first information in which first identification information indicating the first function and first time information are associated to be included in the history information of the memory; and when a user uses the second function, transmits the second data to the first device or a second device different from the first device and causes second information in which second identification information indicating the second function and second time information are associated to be included in the history information of the memory.SELECTED DRAWING: Figure 1

Description

  The present invention relates to a multifunction card, a payment integrated circuit, and a multifunction card circuit.

  Credit card fraud, such as fake signatures, PIN analysis, skimming, card forgery, and unauthorized use by relatives, is increasing.

  In recent years, biometric authentication with high security has been used in some cases to prevent unauthorized use of card settlement.

  As an example of a system for confirming a user based on biometric authentication, there is an automatic teller machine (ATM) for inquiring the balance of bank deposits and savings, depositing and withdrawing, and transferring money. In such a bank system, the ATM acquires the biometric data of the user and transmits it to the server of the bank. The server performs biometric authentication for comparing the user's biometric data received from the ATM with the biometric data stored in the database.

  In addition, there is a technology in which a fingerprint sensor is attached to a credit card, and fingerprint data stored in the credit card inside the credit card is compared with fingerprint data of a user acquired by the fingerprint sensor.

  Further, the card payment terminal obtains the biometric data stored in the credit card, obtains the user's biometric data with the sensor provided in the card payment terminal, and verifies the obtained biometric data with the card payment terminal. Japanese Patent No. 5713516 discloses such a technique.

Japanese Patent No. 5713516

  However, the use of the biometric data stored in the credit card for other functions other than the card payment has not been studied by the above technology.

  The present invention has been made in view of the above circumstances, and relates to a multifunction card, a payment integrated circuit, and a multifunction card circuit that can provide a user with multiple functions and store a usage history.

  According to the present embodiment, the multi-function card includes a memory and a processor. The memory relates to first data used in a first function for settlement, second data used in a second function different from the first function, and the first function and the second function. The history information is stored. The processor transmits the first data to the first device when the user uses the first function, and stores the first identification information indicating the first function and the first time in the history information of the memory. When the user uses the second function, including the first information associated with the information, the second data is transmitted to the first device or a second device different from the first device, and The second history information includes second information that associates second identification information indicating a second function with second time information.

  According to the present invention, it is possible to record the usage history of the multi-function card.

FIG. 2 is a block diagram illustrating an example of a configuration of a multi-function card according to the first embodiment. FIG. 2 is a block diagram illustrating a plurality of functions provided in the multi-function card according to the first embodiment. FIG. 3 is a data structure diagram illustrating an example of setting information according to the first embodiment. FIG. 3 is a data structure diagram illustrating an example of history information according to the first embodiment. 5 is a flowchart illustrating an example of a multifunction card setting process according to the first embodiment. 5 is a flowchart illustrating an example of a process for using a multi-function card according to the first embodiment. FIG. 9 is a block diagram showing an example of a configuration of a card payment terminal and peripheral devices according to a second embodiment. The data structure figure showing the 1st example of the payment data concerning a 2nd embodiment. The data structure figure showing the 2nd example of the settlement data concerning a 2nd embodiment. The data structure figure showing the 3rd example of the settlement data concerning a 2nd embodiment. FIG. 9 is a data structure diagram showing an example of credit result data according to the second embodiment. 9 is a flowchart illustrating processing of the card payment terminal according to the second embodiment. 9 is a flowchart illustrating a signature data matching process according to the second embodiment. The block diagram showing an example of the composition of the card payment system concerning a 3rd embodiment. 13 is a flowchart illustrating a process for setting personal information according to the third embodiment. 13 is a flowchart illustrating processing in the security service according to the third embodiment.

  Hereinafter, embodiments of the present invention will be described with reference to the drawings. In the following description, substantially or substantially the same functions and components are denoted by the same reference numerals, and description will be made only when necessary.

[First Embodiment]
In the present embodiment, a multifunctional card including other functions in addition to the card settlement function will be described. The multi-function card stores biometric data.

  In the present embodiment, the identification information is called an ID.

  FIG. 1 is a block diagram illustrating an example of a configuration of the multi-function card according to the present embodiment.

  The multi-function card 1 includes, for example, a card-shaped card body 1A and an integrated circuit 2 provided in the card body 1A. The integrated circuit 2 may be, for example, an IC (Integrated Circuit) chip. This integrated circuit 2 includes a communication unit 3, a processor 4, and memories 5A to 5C.

  The multi-function card 1 operates in cooperation with the information processing device 8 or the biometric authentication device 9.

  The information processing device 8 transmits, for example, a signal, a command, software, a program, data, setting information, a user ID, a software ID, a data ID, and various other information by using the card writer 8A.

  The biometric authentication device 9 includes a card reader / writer 9A, a biometric sensor 9B, and a collating unit 9C. The card reader / writer 9A receives signals, commands, data, information, and the like from the multi-function card 1, or transmits signals, commands, data, information, and the like to the multi-function card 1. The biological sensor 9B acquires the biological data of the user of the multi-function card 1. The collation unit 9C collates the biometric data acquired by the biometric sensor 9B with the biometric data received from the multi-function card 1 via the card reader / writer 9A, and executes biometric authentication. Then, the collating unit 9C transmits the biometric authentication result to the multi-function card 1 via the card reader / writer 9A.

  The biometric authentication device 9 may be, for example, a card payment terminal provided in a store or various information processing devices. The information processing device may be, for example, a personal computer, a mobile phone such as a smartphone, a tablet computer, or the like.

  The multi-function card 1 may include, for example, at least one card payment function 61 among a function as a credit card, a function as a debit card, and a function as a prepaid card. In the present embodiment, in order to simplify the description, the case where the card payment function 61 is a function as a credit card will be described as an example.

  In the present embodiment, it is assumed that the multi-function card 1 includes a plurality of biometric data 71 to 7N respectively corresponding to a plurality of users. As described above, when the multifunctional card 1 includes a plurality of biometric data 71 to 7N, for example, the multifunctional card 1 can be shared by a plurality of users belonging to an arbitrary group such as a family and an employee. Will be possible. However, in the present embodiment, it is assumed that one user is permitted to use the multi-function card 1 as a credit card. A plurality of users may be able to use the multi-function card 1 as a credit card.

  When it is assumed that the multi-function card 1 is exclusively used by one user, the biometric data included in the multi-function card 1 may correspond to one user. Other functions 62 to 6M other than the card settlement function 61 included in the multi-function card 1 include, for example, a point card, a ticket (commuter pass), a social security card, a resident card, a seal card, an unlocking card, a license, It may be a function as an insurance card, passport, car key, my number card, social security card, or consultation card. In the present embodiment, for example, the card payment function 61 enables the use of the multi-function card 1 when biometric authentication is successful for one specific user. In a second function such as a point card, the multi-function card 1 can be used without performing biometric authentication. In a third function such as an automobile key or an unlocking card, the multifunction card 1 can be used when biometric authentication is successful for any of a plurality of biometric data stored in the multifunction card 1. I do.

  The multifunctional card 1 receives a radio wave (electromagnetic field) emitted from a device such as a card writer 8A or a card reader / writer 9A by an antenna circuit 3A of the communication unit 3, converts the received radio wave into electricity, and integrates the received radio wave. Used as power for the circuit 2. However, the multi-function card 1 may include a power supply.

  When setting the multi-function card 1, the communication unit 3 sends signals, commands, software, programs, data, and settings from a card writer 8 </ b> A provided in the information processing device 8 in a contact or non-contact manner, or in a wired or wireless manner. Information, a user ID, a software ID, a data ID, and other various information are received.

  The communication unit 3 transmits or receives signals, commands, data, information, and the like, with the card reader / writer 9A, in contact or non-contact, or in a wired or wireless manner, when using the multi-function card 1.

  The processor 4 controls the communication unit 3 and accesses the memories 5A to 5C. More specifically, the processor 4 executes the control software 10 stored in the memory 5A. In addition, the processor 4 can execute software 111 to 11K for implementing various functions stored in the memory 5B. The processor 4 can use the memory 5C as a working memory. The processor 4 executes the control software 10 stored in the memory 5A, and can execute each of the plurality of softwares 111 to 11K stored in the memory 5B according to control based on the control software 10. Further, when new software is added to the memory 5B, the processor 4 can execute the new software. For example, the control software 10 may be an operating system (OS). For example, the software 111 to 11K may be an application.

  For example, the memories 5A and 5B are nonvolatile memories. More specifically, for example, the memory 5A may be a read-only memory (ROM), and the memory 5B may be an EPROM (Erasable Programmable Read-Only Memory) or an EEPROM (Electrically Erasable Programmable Read-Only Memory).

  The memory 5B stores software 111 to 11K associated with the software ID, biometric data 71 to 7N associated with the user ID, setting information 12, and history information 13.

  The softwares 111 to 11K include programs for realizing various functions and information on the programs. By making the software 111 to 11K executable, the multi-function card 1 can realize other functions 62 to 6M in addition to the card settlement function 61. For example, the software 111 realizes a card payment function 61 as a credit card, and the software 112 to 11K can realize other functions 62 to 6M other than the card payment function 61.

  The biometric data 71 to 7N may be, for example, fingerprint data, vein data, artery data, palm shape data, retina data, iris data, face data, blood vessel data, voice data, voice print data, or ear type data.

  The setting information 12 includes various information required for the operation of the control software 10 and the software 111 to 11K of the multi-function card 1. For example, the setting information 12 is information for managing the software IDs indicating the software 111 to 11K stored in the memory 5B of the multi-function card 1 in association with the user ID indicating the user of the biometric authentication candidate (target). is there. Thereby, for example, the multi-function card 1 permits the card payment function 61 to one user, and makes the point card function usable by anyone (biometric authentication is unnecessary). On the other hand, the level of security can be set according to the function of the multi-function card 1, such as permitting the function as a key of a car.

  When it is assumed that the multi-function card 1 is used by only one specific user without being shared, the setting information 12 indicates the software ID and whether or not biometric authentication is required. The information may be managed in association with the information.

  The history information 13 includes, for example, time information, software ID indicating software to be used, information indicating whether biometric authentication is successful, and authentication when biometric authentication is successful, every time the multi-function card 1 is used. This is information for managing the associated user IDs indicating the users.

  When it is assumed that the multi-function card 1 is used by only one specific user without being shared, even if the user ID is omitted from the information included in the history information 13. Good.

  Each of the softwares 111 to 11K is executed under the control of the control software 10.

  The software 111 realizes the card payment function 61 on the card side, for example, by being executed by the processor 4.

  The software 112 realizes the point card function 62 on the card side, for example, by being executed by the processor 4.

  The software 113 realizes the function 63 of the car key on the card side, for example, by being executed by the processor 4.

  The control unit 41 is realized by the processor 4 executing the control software 10.

  When setting the multi-function card 1, the control unit 41 transmits software 111 to 11K, a software ID, a user ID indicating a user of a biometric authentication candidate (target), and biometric data 71 to 71 from the card writer 8A via the communication unit 3. 7N, a user ID indicating the user corresponding to the biometric data 71 to 7N is received. Then, the control unit 41 stores the received software and the software ID in the memory 5B in association with each other. The control unit 41 updates the setting information 12 by associating the received software ID with the user ID indicating the user of the biometric authentication candidate. The control unit 41 stores the received biometric data 71 to 7N in the memory 5B in association with the corresponding user ID.

  The control software 10 may be included in, for example, the OS. As a more specific example, the control software 10 may be included in a multi-application OS, or may be included in a general-purpose OS called a virtual machine (Virtual Machine). However, the control software 10 may not be included in the OS but may be software that operates according to the control of the OS.

  The control unit 41 determines which of the plurality of softwares 111 to 11K is to be executed based on the command received via the communication unit 3.

  The control unit 41 determines based on the setting information 12 whether the determined software requires biometric authentication.

  The control unit 41 executes the determined software when the determined software does not require biometric authentication.

  When the determined software requires biometric authentication, the control unit 41 sets the determined software as a biometric authentication candidate until receiving an authentication result indicating authentication success or in the setting information 12. The biometric data is sequentially transmitted to the biometric authentication device 9 via the communication unit 3 until the biometric authentication for all the biometric data is completed. Then, the control unit 41 receives the authentication result via the communication unit 3 from the card reader / writer 9A provided in the biometric authentication device 9.

  When the received authentication result indicates that the authentication is successful, the control unit 41 executes the determined software, and executes the time information, the software ID indicating the determined software, and the authentication indicating that the biometric authentication was successful. The history information 13 in the memory 5B is updated by associating the result with a user ID indicating a user who has successfully performed biometric authentication.

  The control unit 41 ends the biometric authentication for all the biometric data set as the biometric candidates for the software determined in the setting information 12, and the received authentication for the biometric data of all the biometric candidates. When the result indicates that the authentication has failed, the history information 13 in the memory 5B is updated by associating the time information, the software ID indicating the determined software, and the authentication result indicating that the biometric authentication has failed.

  The control unit 41 terminates the biometric authentication for all the biometric data set as the biometric authentication candidates for the determined software in the setting information 12 and all the received authentication results indicate that the authentication has failed. Alternatively, various data in the memory 5B of the multi-function card 1 may not be read, thereby protecting the multi-function card 1.

  The control unit 41 may change the multi-function card 1 from the usable state to the use-prohibited state based on the setting information 12 in the application based on the software for which the biometric authentication is determined to have failed. Alternatively, if there is at least one software whose biometric authentication is determined to have failed based on the setting information 12, the control unit 41 switches from the usable state to the use prohibited state for all the functions of the multi-function card 1. May be changed to

  FIG. 2 is a block diagram illustrating a plurality of functions provided in the multi-function card 1 according to the embodiment.

  As described above, the multi-function card 1 stores the software 111 to 11K for realizing the card settlement function 61, the point card function 62, the car key function 63, the license function 64, and the like. The software 111 to 11K includes data required to realize a corresponding function.

  The multi-function card 1 stores the biometric data 71. The biometric data 71 may be shared by a plurality of functions.

  For example, the biometric authentication device 9 such as a card payment terminal including the biometric sensor 9B receives the biometric data 71 from the multi-function card 1, compares the biometric data 71 with the biometric data acquired by the biometric sensor 9B, The authentication result is transmitted to the multi-function card 1.

  When the biometric authentication is successful, the multi-function card 1 transmits data corresponding to the function to the biometric authentication device 9.

  FIG. 3 is a data structure diagram illustrating an example of the setting information 12 according to the present embodiment.

  The setting information 12 associates a software ID indicating software installed in the multi-function card 1 with a user ID indicating a user who is permitted to use the software when biometric authentication is successful. For example, when the user ID is not associated with the software ID in the setting information 12, it indicates that the software indicated by the software ID can be used by anyone and biometric authentication is not required.

  FIG. 4 is a data structure diagram illustrating an example of the history information 13 according to the present embodiment.

  The history information 13 associates the time information at which the command was received, the software ID indicating the software corresponding to the command, the biometric authentication result, and the user ID indicating the authenticated user when the biometric authentication was successful. ing.

  FIG. 5 is a flowchart illustrating an example of a setting process of the multi-function card 1 according to the embodiment.

  In step S1, the communication unit 3 receives, from the card reader 8A of the information processing device 8, software, a software ID, a user ID indicating a user of a biometric authentication candidate, and biometric data of a user of a biometric authentication candidate. The software, information, and data received in step S1 may be received a plurality of times.

  In step S2, the control unit 41 stores the received software and the software ID in the memory 5B in association with each other.

  In step S3, the control unit 41 updates the setting information 12 by associating the received software ID with the user ID indicating the user of the biometric authentication candidate.

  In step S4, the control unit 41 stores the received biometric data and the user ID in the memory 5B in association with each other.

  Steps S2 to S4 described above may be performed in any order, or may be performed simultaneously.

  FIG. 6 is a flowchart illustrating an example of a process of using the multi-function card 1 according to the embodiment.

  In step T1, the communication unit 3 receives a command from the card reader / writer 9A of the biometric authentication device 9.

  In step T2, the control unit 41 determines whether biometric authentication is necessary. Specifically, the control unit 41 determines whether the software ID indicated by the command is associated with the user ID in the setting information 41.

  If the biometric authentication is unnecessary, the process proceeds to Step T8A.

  When the biometric authentication is required, in step T3, the control unit 41 reads the biometric data of the biometric authentication candidate from the memory 5B. Specifically, the control unit 41 selects the user ID associated with the software ID indicated by the command in the setting information 12, and stores the biometric data associated with the selected user ID from the memory 5B. read out.

  In step T4, the communication unit 3 transmits the read biometric data to the biometric authentication device 9.

  In step T5, the communication unit 3 receives the biometric authentication result from the biometric authentication device 9.

  In step T6, the control unit 41 determines whether the biometric authentication result is successful or unsuccessful.

  If the biometric authentication result is successful, the process moves to step T8B.

  If the biometric authentication result is unsuccessful, in step T7, the control unit 41 determines whether or not biometric authentication has been performed on biometric data of all biometric authentication candidates. Specifically, the control unit 41 sets the user ID associated with the software ID indicated by the command in the setting information 12 as the user ID of the biometric authentication candidate, and is associated with the user ID of the biometric authentication candidate. The biometric data is used as the biometric data of the biometric authentication candidate, and it is determined whether the biometric authentication has been performed on all the biometric data of the biometric authentication candidates.

  If the biometric authentication has been performed on the biometric data of all the biometric authentication candidates, but the biometric authentication result is not successful, the process proceeds to step T8C.

  If the biometric authentication has not been performed on all the biometric data of the biometric candidates, the process returns to step T3, and the same process is performed on the biometric data of the next biometric candidate.

  If it is determined in step T2 that biometric authentication is unnecessary, in step T8A, the control unit 41 stores the history information 13 in association with the time information and the software ID indicated by the command.

  Then, in step T9A, the control unit 41 executes software associated with the software ID indicated by the command, and transmits data used by an external device via the communication unit 3. Thus, the multi-function card 1 can be used for applications that do not require biometric authentication.

  If the biometric authentication is successful in step T6, in step T8B, the control unit 41 stores the time information, the software ID, the authentication result indicating that the biometric authentication is successful, and the authenticated user ID in the history information 13. Relate and store.

  Then, in step T9B, the control unit 41 executes the software associated with the software ID indicated by the command, and transmits data used by the external device via the communication unit 3, as in step T9A. For example, when the command is a payment command, the control unit 41 executes the card payment function 61 and sends a card reader / writer 9A of the card payment terminal a user ID indicating a user who has successfully performed biometric authentication, and And transmitting data for settlement including a card number, an expiration date, a name, an address, a telephone number, etc. corresponding to the user ID.

  If the biometric authentication has been performed on all the biometric data of the biometric authentication candidates in step T7 but the biometric authentication result is not successful, in step T8C, the control unit 41 stores the time information and the software ID in the history information 13. The authentication result indicating that the biometric authentication has failed is stored in association with the authentication result. Then, after step T8C, the process ends.

  In the present embodiment described above, the multi-function card 1 including the biometric data 71 to 7N can be used for various purposes, functions, applications, or services. The biometric data 71 to 7N can be used not only for the card payment function 61 but also for other functions for biometric authentication.

  In the present embodiment, whether or not to perform biometric authentication can be set according to the purpose, function, application, or service of the multi-function card 1.

  In the present embodiment, by using the setting information 12, when biometric authentication is successful for at least one specific user, various types of data such as transmission of data from the multi-function card 1 to the biometric authentication device 9 are used. Service can be provided.

  In the present embodiment, the use history of the multi-function card 1 can be managed based on the history information 13, and unauthorized use can be suppressed.

  In the present embodiment, the functions of a plurality of cards can be integrated into one multi-function card 1, so that the user's card management burden can be reduced and the convenience of the user can be increased. In addition, it is possible to prevent unauthorized use of the user.

  In the present embodiment, for example, when the multi-function card 1 is used for card settlement, only one user can use the card, and when, for example, the multi-function card 1 is used as a key of a car, it is shared by a plurality of users. Can be possible.

  In the present embodiment, for example, by using biometric data instead of a password, the user can eliminate the burden of managing and changing the password.

  In the present embodiment, when the biometric authentication fails, the security of the multifunction card 1 is set by disabling the card for the function determined to have failed the biometric authentication or for all the functions of the multifunction card 1. Can be increased.

[Second embodiment]
Hereinafter, an embodiment of the card payment terminal according to the second embodiment will be described with reference to the drawings.

  In the present embodiment, a case where a card storing biometric data used for biometric authentication is a credit card will be described as an example. However, as the card storing the biometric data, various cards such as a David card and an electronic money card may be used as long as they are used for settlement. For example, a card storing biometric data used for biometric authentication may be the multi-function card 1 according to the first embodiment.

  FIG. 7 is a block diagram illustrating an example of a configuration of the card payment terminal and the peripheral device according to the present embodiment.

  In the present embodiment, the card C of the user U includes a card body C1 having a card shape and an integrated circuit T provided in the card body C1. The integrated circuit T includes, for example, a card including a card number 201 as an example of a card ID, an expiration date 202, a name 203 as an example of a user ID, an authentication failure flag 204 as an example of a biometric authentication result, biometric data 205, and the like. The data D is stored. The card data D is already stored in the card C when the card is issued, for example. As the biometric data 205, for example, a fingerprint pattern, an iris pattern, a vein pattern, or the like is used in the same manner as the above-described biometric data 71 to 7N. You. Further, in order to enable one card to be used by a plurality of contractors, the biometric data 205 and the name 203 can include data of a plurality of contractors. The method for identifying the user will be described later.

  The card settlement terminal 200 includes a signature input device 207, a biometric data acquisition device 208 as an example of the biometric sensor 9B, and a card terminal 209. The card terminal 209 includes a card data read / write device 210 as an example of a card reader / writer 9A, a payment receiving device 211, a processing device 212 as an example of a collating unit 9C, and a communication device 213.

  The card data read / write device 210 reads the card data D stored in the card C of the user U, and sends the card data D to the processing device 212. In addition, the card data read / write device 210 can rewrite the card data D stored in the card C according to an instruction from the processing device 212.

  Further, the card data read / write device 210 can read the card data D1 stored in the magnetic storage medium T1 provided in the card C. For example, the card data D1 includes information on at least one of a user ID and a card ID.

  The settlement accepting device 211 accepts a payment amount, a payment method (for example, lump-sum payment, installment payment), and the like based on, for example, an operation of a clerk at a member store, and sends the payment amount and the payment method to the processing device 212.

  The signature input device 207 acquires the signature data 214 of the user U at the time of card payment, and sends the signature data 214 to the processing device 212 of the card terminal 209. The signature input device 207 may be any device as long as the user U can input a signature by hand and can send the signature to the processing device 212 as electronic data. For example, the signature input device 207 may be a device capable of performing an electronic signature using a touch pen, or may be a device such as a scanner or a camera that digitizes a signature of a user U on a paper medium.

  Further, the signature input device 207 can acquire the signature D3 of the user U described in the signature area A on the back of the card C as electronic data (sign data 227 on the card C). As a method for reading the signature D3, for example, the user U may scan the card C using a scanner or a camera provided in the signature input device 207.

  The signature input device 207 sends the signature data 227 on the card C to the processing device 212.

  The biometric data acquisition device 208 acquires the biometric data 206 of the user U at the time of card settlement as electronic data, and sends the biometric data 206 to the processing device 212 of the card terminal 209.

  In the present embodiment, the signature input device 207 and the biometric data acquisition device 208 do not need to be separate devices, and may be realized as one device. In this case, the data sent to the processing device 212 does not have to be distinguished whether it is biometric data or signature data.

  The processing device 212 automatically determines whether or not the biometric data 206 of the user U at the time of settlement is read by the biometric data acquisition device 208 and whether or not the signature data 214 of the user U is read by the signature input device 207. Determine.

  The processing device 212 creates the payment data 215 and sends the payment data 215 to the communication device 213. The settlement data 215 will be described later with reference to FIGS.

  Note that the processing device 212 controls a series of card authentication processes in the card terminal 209. Details of various authentication processes executed by the processing device 212 will be described later with reference to FIG.

  When the biometric data acquisition device 208 does not acquire the biometric data 206, the processing device 212 reads at least one of the user ID and the card ID read from the magnetic storage medium T1 of the card C and the signature data 214. May be stored in the database DB in association with the payment amount.

  The communication device 213 transmits the settlement data 215 to the acquirer server 216 via the network. Thereafter, the settlement data 215 is transmitted, for example, from the acquirer server 216 to the card brand server 217, and from the card brand server 217 to the issuer server 218. For example, the communication device 213 transmits the settlement data 215 to the issuer server. The communication device 213 may transmit the settlement data 215 to the issuer server 218 via one of the acquirer server 216 and the card brand server 217.

  Further, the communication device 213 receives the credit result data 219 from the issuer server 218 via the card brand server 217 and the acquirer 216, and sends the received credit result data 219 to the processing device 212. For example, the issuer server 218 transmits the credit result data 219 to the card settlement terminal 200 as a destination. The issuer server 218 may transmit the credit result data 219 to the card settlement terminal 200 via one of the acquirer server 216 and the card brand server 217. The processing device 212 determines settlement completion or settlement failure based on the credit result data 219. Details of the credit result data 219 will be described later with reference to FIG.

  The database DB is included in, for example, a terminal installed in a member store, and stores data used by the member store in past transactions with customers. This data is stored with a transaction ID 220 for each transaction with a customer, for example, and is stored with a customer ID 221, transaction data 222 including an item name and an amount, shipping data 223 including a shipping destination and date and time of an item, and a card. And the settlement / authentication data 224 including the information on the payment and the payment amount. The settlement / authentication data 224 includes card information 225, payment amount 226, and, in the case of biometric authentication, a person to be authenticated (user to be authenticated) ID 228.

  The card information 225 stores, among the data included in the card data D acquired by the card data read / write device 210, information necessary for the member store.

  The settlement / authentication data 224 includes the same contents as the settlement data 215 transmitted from the card terminal 209 to the server 216 except for the part to be authenticated 228, but the two do not have to match. Further, the transaction data 222, the shipping data 223, and the settlement / authentication data 224 may include other information different from the information described above.

  The database DB is connected to the card terminal 209, and can transmit and receive data to and from the card terminal 209 via a database interface provided in the processing device 212 of the card terminal 209, for example.

  FIG. 8 is a data structure diagram illustrating a first example of the payment data 215 according to the present embodiment. The payment data 215a is created when communication is performed between the card terminal 209 and the server 216. The payment data 215a is basically the payment data 215a in FIG. 8, but may be any of the payment data 215b in FIG. 9 and the payment data 215c in FIG. 10 depending on the situation.

  The payment data 215a includes a card number 201, an expiration date 202, a name 203, a payment amount 226, a payment method 229, member store information 230, and the like, but may include other information.

  The member store information 230 includes information for specifying the member store, such as the name, address, or business type of the member store.

  FIG. 9 is a data structure diagram illustrating a second example of the payment data 215 according to the present embodiment.

  When the acquisition of the biometric data 206 of the user U has been completed but the biometric data 205 is not included in the card data D, the card terminal 209 executes the settlement in order to execute biometric authentication in any of the servers 216 to 218. The payment data 215b is created by adding the biometric data 206 to the data 215a, and the payment data 5b is transmitted to the server 216.

  When the server 216 or the server 217 receives the settlement data 215b, the server 216 or the server 217 determines whether or not biometric data to be compared with the biometric data 206 is stored. When the server 216 or the server 217 stores biometric data for matching with the biometric data 206, the server 216 or the server 217 performs processing based on the biometric data 215b included in the settlement data 215b and the stored biometric data. Perform collation. When the server 216 or the server 217 does not store the biometric data for matching with the biometric data 206, the server 216 or the server 217 transmits the settlement data 215b to the server 217 or the server 218.

  FIG. 10 is a data structure diagram illustrating a third example of the payment data 215 according to the present embodiment.

  The card terminal 209, the server 216, or the server 217 includes the biometric data 205 stored in the card C, the biometric data stored in the server 216, or the biometric data stored in the server 217, and the biometric data 206. In the case where biometric authentication is successful, payment data 215c including authentication success notification 231 is created instead of biometric data 206 of payment data 215b in FIG. Then, the card terminal 209, the server 216, or the server 217 transmits the payment data 215c to the server 216, the server 217, or the server 218.

  The authentication success notification 231 includes an authentication executor ID 232 that specifies a person who has performed biometric authentication, and a authenticatee ID 233 that specifies a person who has been biometrically authenticated.

  When the biometric authentication is successful in the processing device 212, the authentication executor ID 232 may be, for example, the ID of a member store using the card payment terminal 200, the ID of the card payment terminal 200, account information of the member store, and the like.

  When the biometric authentication is successful in the server 216 or the server 217, the authentication executor ID 232 may be, for example, an acquirer ID for managing and operating the server 216 or a card brand ID for managing and operating the server 217.

  The subject ID 233 may be, for example, a unique ID or a name as long as the authenticated person can be identified.

  Note that if the biometric authentication based on the comparison between the biometric data 206 and the biometric data 205 in the card payment terminal 200 fails, the payment is not established at this point, and communication with the server 216, the server 217, or the server 218 is unnecessary. Yes, the payment data 215 need not be created.

  FIG. 11 is a diagram illustrating an example of the credit result data 219 according to the present embodiment.

  The credit result data 219 includes a credit result 234 and a biometric authentication execution flag 235. The credit result data 219 further includes the subject ID 236 when the biometric authentication is executed and the biometric authentication is successful.

  The credit result 234 indicates whether the credit result is OK or NG, and may be represented by a 1-bit flag, for example.

  The biometric authentication execution flag 235 indicates whether or not biometric authentication has been performed, and may be represented by, for example, a 1-bit flag.

  The authenticated person ID 236 indicates to which authenticated person the credit result data 219 corresponds. Further, the authentication result ID 236 makes it possible to associate the credit result data 219 with which settlement data 215.

  FIG. 12 is a flowchart illustrating the processing of the card payment terminal 200.

  In step S1201, the power of the card settlement terminal 200 is turned on at the member store, and the biometric data acquisition device 208, the signature input device 207, and the card terminal 209 wait for input.

  In step S1202, the card terminal 209 performs a payment receiving process using the payment receiving device 211. For example, in the payment receiving process, a payment amount and a payment method of a product or service are received.

  In step S1203, the card terminal 209 executes a card data reading process using the card data reading / writing device 210. For example, in the card data reading process, the data storage area for the card data D is initialized, and the reading of the card data D is performed. When the card data D is read, the card data D is stored in the data storage area for the card data D. For example, if reading of the card data D has failed for a predetermined number of times such as three times, an error is displayed.

  In step S1204, the card terminal 209 executes a process of acquiring the signature data 214 or the biometric data 206 using the signature input device 207 or the biometric data acquisition device 208. For example, a data storage area reserved for the signature data 214 or the biometric data 206 is initialized, and the acquired data is stored in the data storage area.

  In step S1205, the card terminal 209 performs an automatic determination process as to whether the acquired data is signature data or biometric data. The determination process may be performed, for example, by recognizing a feature or a pattern of each data. For example, in the case of fingerprint data, the acquired data is image data, and has a feature that many layered lines exist on an image. For example, in the case of finger vein data, two-dimensional data relating to time and amplitude is acquired, and the amplitude has a characteristic of indicating a beat at regular intervals. In the case of signature data, for example, the acquired data is image data, and has a characteristic represented by linear characters or figures.

  If it is determined in step S1205 that the acquired data is signature data, in step S1206, the card terminal 209 performs signature data collation processing. Details of the signature data collation processing will be described later with reference to FIG.

  If it is determined in step S1205 that the acquired data is biometric data, the card terminal 209 performs biometric authentication processing in step S1207.

  In step S1208, the card terminal 209 creates the payment data 215, transmits the payment data 215 to the server 216, and receives the credit result data 219 from the server 216. If it is determined from the credit result data 219 that the settlement is not established, the transaction is canceled.

  When performing the biometric authentication in step S1207, the card terminal 209 checks whether or not the acquired card data D includes the biometric data 205.

  If the card data D does not include the biometric data 205, biometric authentication cannot be performed at the card terminal 209. In this case, after the settlement data 215b including the biometric data 206 acquired by the biometric data acquisition device 208 is sent to the server 216 in the above-described step S1208, the biometric data is sent to one of the servers 216 to 218 as described above. Authentication is performed.

  If the biometric data 205 is included in the card data D, the card terminal 209 performs biometric authentication. If the biometric authentication in the card terminal 209 fails, the payment is not established at this point. Therefore, in this case, the creation of the payment data 215, the transmission of the payment data 215 to the server 216, and the reception of the credit result data 219 from the server 216 need not be performed in step S1208.

  If the biometric data 205 stored in the card data D is for a plurality of persons, the card terminal 209 or one of the servers 216 to 218 checks the biometric data 206 acquired by the biometric data acquisition device 208 with the biometric data 206 acquired by the biometric data acquisition device 208. Until the process is completed, or until the verification is performed on all of the biometric data of the plurality of persons, the verification is performed on the biometric data of the verification candidates among the biometric data of the plurality of persons in order. When the verification is completed, the card terminal 209 or one of the servers 216 to 218 obtains the verification subject ID.

  In step 1209, the card terminal 209 registers the transaction ID 220, the transaction data 222, the shipping data 223, and the settlement / authentication data 224 in the database DB.

  If the biometric authentication is performed in step S1207 or S1208, the card terminal 209 determines whether the biometric authentication is successful in the card terminal 209 or any one of the servers 216 to 218. Then, the subject ID is stored in the database DB via.

  The biometric authentication result in any one of the servers 216 to 218 can be determined by the processing device 212 based on the credit result data 219. The processing device 212 determines whether the biometric authentication has been executed based on the biometric authentication execution flag 235 included in the credit result data 219. When it is determined that the biometric authentication has been executed, the processing device 212 confirms whether or not there is a subject ID. If there is no subject ID, it is determined that biometric authentication has failed. If there is a subject ID, it is determined that biometric authentication has succeeded.

  In step 1210, if the biometric authentication or signature data collation fails, the card terminal 209 notifies that fact. For example, the card terminal 209 may display or output a sound of biometric authentication failure or signature data collation failure from a display or a speaker included in the card payment terminal 200.

  Further, the card terminal 209 may notify the user U using a communication unit. For example, the mail address of the user U may be registered in the database DB in advance, and the processing device 23 may transmit the mail addressed to the user U using the communication device 213 with reference to the mail address in the database DB.

  If the biometric authentication is performed by any of the servers 216 to 218 and the biometric authentication fails, the notification to the user U may be performed by the server where the biometric authentication has failed.

  Further, even when the biometric authentication or the signature data collation is successful, the card terminal 209 may display the success or output the sound.

  If the card terminal 209 determines in step 1211 that the biometric authentication has failed, the card terminal 209 transmits a write instruction for the authentication failure flag 204 to the card data read / write device 210 by the processing device 212. The card data read / write device 210 writes the authentication failure flag 204 on the card C.

  If the biometric authentication fails, there is a high possibility that a third party has illegally used the card. For this reason, in the present embodiment, the card terminal 209 determines that the card C in which the authentication failure flag 204 has been written, for example, cannot be used the next time the card terminal 209 reads the card C, thereby increasing the card security.

  In step S1212, the card terminal 209 returns to step S1202 in the case of continuous use. If the card payment terminal 200 is not to be used continuously, the card payment terminal 200 turns off the power in step S1213.

  FIG. 13 is a flowchart illustrating the signature data collation processing.

  In step S1301, the signature input device 207 reads the signature D3 of the card C, and when the reading is successful, holds the signature D2 on the card C.

  If the reading of the signature D3 fails (step S1302), the signature input device 207 returns to step 1301 and reads the signature data 227 on the card C again. If the reading of the signature D3 fails more than the specified number of times (step S1303), the verification of the signature data fails, and the processing may be terminated. The determination of the failure of reading the sign D3 and the success may be made by, for example, automatically determining the sign area A on the card C by image processing or the like, and using whether or not the sign area A is normally acquired as a criterion. The processing device 212 may determine whether the reading of the signature data 227 on the card C has failed or succeeded.

  If the reading of the signature data 227 on the card C is successful in step S1302, the processing device 212 checks the signature data 227 on the card C against the signature data 214 input by the user U (step S1304).

  It is determined that the signature data 227 on the card C is similar to the signature data 214 input by the user U, and if the verification is successful, the identity has been verified and the verification processing is completed. If it is determined that the signature data 227 on the card C and the signature data 214 input by the user U are dissimilar, or if the signature data 227 on the card C cannot be obtained in step S1302, the verification fails. In step S1210 described above, a notification is made to the user.

  It is desirable that the signature data collation processing be automatically performed by an image collation technique such as pattern matching. However, other collation processing such as visual confirmation by a clerk operating the card settlement terminal 200 or the like is preferable. It may be performed by a method.

  In a card storing biometric data of a plurality of persons, that is, a card usable by a plurality of persons, the sign data changes every time when a plurality of persons use the sign input. For this reason, only a specific one of the plurality of persons may be allowed to input the signature. In a card that can be used by a plurality of persons, signature input may be disabled. For example, in the case of a card that can be used by a plurality of persons, the transaction may be stopped when the obtained data is determined to be signature data in step S1205 in FIG. May be notified to the user U, or a notification or warning to the user U may be given.

  If the signature data can be stored in the card in the same manner as the biometric data, even if the signature data is input, the authentication can be performed in the same manner as the biometric data authentication described later. Even if the card can be used, signature verification can be applied.

  In the present embodiment, the case where the card payment terminal 200 is installed at a member store of the card payment service has been described as an example, but the card payment terminal 200 is provided with the biometric data 206 or the signature data 214 of the user U and the card C of the card C. Another device that can acquire the data D may be used. For example, the card payment terminal 200 may be an information processing device having a biometric data acquisition function, a card data reading function, a payment acceptance function, a biometric authentication function, and a communication function. Each function of the information processing device may be realized by software, may be realized by hardware, or may be realized by cooperation of software and hardware. The hardware necessary to realize each function of the information processing device may be built in the information processing device or may be external to the information processing device. The purchase of the product or service according to the present embodiment may be performed at a store, or may be performed at an e-commerce site or a service providing site on a network. As the information processing device, for example, a mobile phone, a personal computer, a tablet computer, or the like is used.

  In the present embodiment, the data stored in the database DB is described as data for each customer, but the stored data may be data for each transaction. In this case, for each transaction, it is necessary to store information for specifying the customer, such as the name of the customer or the customer ID.

  In the present embodiment, the case where the data obtained from the user U at the time of card payment is only the sign data or the biometric data has been described as an example. In addition to this, a password input which is a general authentication method of card payment is required. It may be selectable.

  In the flowcharts of FIGS. 12 and 13 described above, the order of each step may be appropriately changed within a range that does not affect the processing result.

  In the present embodiment, the payment data 215, 215a to 215c may be divided into a plurality.

  Hereinafter, the effects of the present embodiment will be specifically described.

  In the present embodiment, the card payment terminal 200 supports a plurality of card authentication methods. For example, it automatically determines whether the data acquired from the user U is signature data or biometric data. As a result, the clerk of the member store, which is the operator of the payment terminal 209, can automatically proceed with the card payment processing without being conscious of the type of data to be obtained. Can be improved.

  Further, as shown in the first embodiment, it is assumed that a single card is used by a plurality of persons. In the present embodiment, when biometric authentication is executed in the card terminal 209 or any one of the servers 216 to 218, if there is a plurality of biometric data 205 included in the card data D, it is compared with the acquired data. The collation is performed on each biometric data in order until completed. When the collation is completed, the collation result is stored in the database DB. As a result, even if a card is shared and used by a plurality of persons, the person who used the card can be specified. Further, when the authentication fails, the user is notified and the card is made unusable by writing the authentication failure information to the card, thereby preventing unauthorized use of the card settlement.

  In addition, if the card C is illegally used by a third party, it is unlikely that the authentication will succeed by using a card other than the contractor in the case of biometric authentication. If so, there is a possibility that the card may be misused by anyone other than the person. Or, even if it is not an unauthorized use, there is a possibility that the card is used unintentionally by fraud or the like. In the present embodiment, when the card payment terminal 200 acquires the signature data 214 from the user U, the card payment terminal 200 checks whether or not the signature data 214 and the signature data 227 on the card C are similar to each other, thereby obtaining the acquired signature data. The validity of 214 is determined. Further, when the verification fails, the user U is notified of the fact, thereby notifying the unauthorized use of the card C. Thereby, even when the signature authentication is performed, the security of the card C can be enhanced.

  In the present embodiment, when signature data is collated by the card settlement terminal 200, the signature input device 207 reads the signature data 227 on the card C. However, when the card data reading / writing device 210 has a function of reading the signature data 227 on the card C, the card data reading / writing device 210 may read the signature data 227 on the card C.

  In the present embodiment, data relating to card payment is stored in the database DB. This eliminates the need for the store to manage the paper payment card document signed by the customer in person for a long period of time, and can greatly reduce the store management cost and labor.

[Third Embodiment]
In the third embodiment, a card payment system is configured using the card payment terminal 200 and the server 218 shown in the second embodiment. The purpose of the present card settlement system is to provide a security service for preventing unintentional card settlement beforehand, for example, for elderly, disabled, and minor users.

  The third embodiment is also applicable to the case where the multi-function card 1 described in the first embodiment is used.

  Hereinafter, an embodiment of a card settlement system according to a third embodiment will be described with reference to the drawings.

  FIG. 14 is a block diagram illustrating an example of a configuration of the card payment system according to the present embodiment. In the present embodiment, a card payment system 300 including an operator 301 and a database 302 connected to the server 218 is configured in addition to the card payment terminal 200 and the server 218 described in the second embodiment. The server 218 will be described below as an issuer server 218, but may be an acquirer server 216 or a card brand server 217.

  Payment data 215 and credit result data 219 are used for communication between the card payment terminal 200 and the server 218, and their operations and configurations are as described in the second embodiment.

  The server 218 can read data stored in the database 302 and write data.

  The database 302 includes personal information 302a of the user U required for card settlement, abnormal pattern information 302b indicating a pattern of abnormal past settlement data, and optional information included in the settlement data 215 used for past card settlement of the user U. Is stored.

  The operator 301 is an interface used when the user U sets the personal information 302a in the database 302. For example, the operator U may be an operator at a telephone port on the issuer side that performs the setting, or may be on the issuer server 218. May be a registration form dedicated to the user U provided in.

  Note that the operator 301 may be included in the server 218, or the operator 301 may not be provided if there is a means by which the user U can directly access the database 302.

  FIG. 15 is a flowchart illustrating a setting process of the personal information 302a according to the present embodiment.

  The user U registers in advance the personal information (card use condition information) 302a such as the usage limit and the settlement area relating to the card settlement in the database 302, so that when the card settlement is performed, It is possible to determine whether the payment is a card payment using the registered personal information 302a.

  The user U requests the operator 301 to set personal information 302a such as the number of times of card payment, the usage limit, or the settlement area (step S1501). The purpose of setting the settlement area is to prevent the use of the card outside the living area. For example, billing companies for fraudulent claims, consumer damage, fraud damage, etc. (hereinafter referred to as fraud damage, etc.) tend to be localized in some areas. Therefore, monitoring the settlement area is effective to prevent fraud and the like.

  Note that the user U may request the operator 301 to set additional personal information 302a as necessary.

  When receiving the request for setting the personal information 302a from the user U, the operator 301 transmits a setting command for the user information to the server 218 (step S1502).

  Upon receiving the user information setting command from the operator 301, the server 218 sets the user information in the database 302 (step S1503).

  FIG. 16 is a flowchart illustrating processing in the security service according to the present embodiment. It is assumed that the personal information 302a of the user U is set in the database 302 according to the procedure shown in FIG.

  When the user U purchases goods or services by card payment using the card payment terminal 200 installed in the member store (step S1601), the card payment terminal 200 creates the payment data 215 and sets the payment data 215 is transmitted to the server 218 (step S1602).

  The server 218 refers to the number of uses, which is the personal information 302a of the user U set in the database 302, and compares it with the actual number of uses of the user U obtained by searching the inside of the database 302 (step S1603). If the number of times the user U has used the card exceeds the set number, the server 218 determines that the card cannot be used, that is, determines that the credit result is NG, and proceeds to step S1608. Otherwise, the process moves to step S1604.

  The server 218 refers to the settlement area, which is the personal information 302a of the user U set in the database 302, and compares it with the address of the member store information 230 included in the settlement data 215 (step S1604).

  If the address of the member store information 230 is not included in the settlement area set in the database 302, the server 218 determines whether there is any suspicion of fraud or the like (step S1605). For example, when the settlement data such as past fraud damage is stored in the database 302, the settlement data such as past fraud damage is read as the abnormal pattern information 302b, and the member store information 230 and the payment amount 226 of the settlement data 215 are read. By comparing with, it may be determined whether there is a suspicion of fraud or the like. Further, for example, the payment amount 226 is compared with the usage limit set in the database 302 by the user U, and if the payment amount 226 is higher than a certain standard, it may be determined that there is a suspicion of fraud damage. .

  If it is determined in step S1605 that there is no suspicion of fraud or the like, the process proceeds to step S1608. When it is determined that there is a suspicion of fraud or the like, the server 218 checks the safety of the user (step S1606). The user U receives the safety confirmation service (step S1607). As a method of receiving the safety confirmation service, the user may make an automatic voice contact to a contact set in advance in the database 302, may automatically send an e-mail, or may contact by another means. Further, if the safety cannot be confirmed, the server 218 may transmit an automatic voice call, an automatic mail transmission, or other information to the emergency contact information of the user U, an adult guardian, or a police security company stored in the database 302, for example. Communication by means may be performed.

  In step S1608, the server 218 creates credit result data 7 in which the credit result is NG, and transmits the credit result data 7 to the card settlement terminal 200. If it is determined in step S1605 that the transaction is fraud or the like, information on the transaction in the payment data 215, that is, the payment amount 226, the member store information 230, and other necessary information in addition to these are stored in the database 302. To memorize. The card payment terminal 200 receives the credit result NG data, and the payment is not established (step S1609).

  In step S1604, when the server 218 determines that the address of the member store information 230 is within the settlement area set in the database 302, the server 218 adds the payment amount 226 of the user U of the current settlement data 215. In addition, the accumulated amount of the payment amount of the user U stored in the database 302 in the past fixed period is compared with the usage limit set in the database 302 by the user U (step S1610). If the accumulated amount is within the usage limit, the credit result is determined to be OK, and the process proceeds to step S1615. If the accumulated amount is not within the usage limit, the server 218 checks with the user U whether or not to release the usage limit restriction (step S1611).

  When the user U receives the notification of releasing the usage limit, the user U requests the operator 301 to set whether or not the usage limit can be released (step S1612).

  In step S1613, when the operator 301 receives a setting request from the user U to cancel the usage limit, and determines that the usage limit of the user U can be set to exceed the payment amount 226, It instructs the server 218 to release the limit on the usage limit of the user U. If a setting request for canceling the usage limit is not received, or if the usage limit cannot be set so as to exceed the payment amount 226, the operator 301 determines that the credit result is NG and sends the server 218 the above-described result. Is instructed to proceed to step S1608.

  When the server 218 receives the cancellation command of the usage limit from the operator 301, the server 218 sets the usage limit of the user U to be a settable amount and an amount exceeding the payment amount 226 (step S1614).

  In step S1615, the server 218 creates credit result data 219 whose credit result is OK, and transmits it to the card settlement terminal 200. Further, information that specifies the transaction of the user U and the amount thereof in the settlement data 215, that is, the card number 201, the name 203, the payment amount 226, the payment method, and other necessary information in addition to these are stored in the database 302. Remember. The card settlement terminal 200 receives the credit result OK data, and the settlement is completed (step S1616).

  In the present embodiment, personal information 302a such as the number of times of use, a limit, and a settlement area is set in the database 302, and the server 218 compares the personal information 302a stored in the database 302 or past card settlement information with the current card settlement information. By comparing the payment data 215 with the payment data 215 to determine whether credit is possible or not, it is possible to prevent card use such as unintended card use by the user U and fraud damage.

  In the present embodiment, the setting of the number of card uses performed for each user may be performed on a monthly basis or on a daily basis. Also, the conventional credit card usage limit can be set only for the entire usage limit, and the debit card or cash card usage limit is the entire bank account balance, but in this embodiment, The usage limit may be finely set according to the purpose of use of the card. For example, cash refunds of up to 20,000 yen and up to once a day, transfer of up to 30,000 yen up to twice a day, and regular shopping of up to 10,000 yen up to 3 times may be possible.

  In the present embodiment, the personal information 302a of the user U such as the number of times of use, the limit amount, and the settlement area set in the database 302 is based on the patterning of the card usage of the user U by the server 218 or the user by the server 218. The server 218 may automatically set the scoring based on the number of uses of the U card, the use interval, the store used, the purpose of use, the credit balance, and the like.

  In the flowchart of FIG. 16 described above, the order of each step is, for example, in a range in which the server 218 can compare and match the personal information 302 a stored in the database 302 or the past card payment information with the current payment data 215. If so, it may be changed as appropriate, or a single processing module may collectively perform a plurality of steps of processing.

  In the present embodiment, when the user U attempts to settle an amount equal to or larger than the usage limit set in advance, the server 218 confirms the cancellation of the usage limit with respect to the user U. As a result, it is possible to prohibit cancellation of the usage limit frame by another person who is not the user U, and also to prevent the user U from unintentionally expensive card settlement.

  Further, in the present embodiment, when it is determined that there is a suspicion of fraud damage, it is possible to strengthen the protection of the user U such as an elderly person, a disabled person, and a minor by confirming the safety of the person. it can.

  Each of the above embodiments is merely an example, and is not intended to limit the scope of the invention. Each of the above embodiments can be implemented in other various forms, and various omissions, replacements, and changes can be made without departing from the spirit of the invention. Each of the above embodiments and modifications thereof are included in the scope and gist of the invention, and are also included in the invention described in the claims and equivalents thereof.

  DESCRIPTION OF SYMBOLS 1 ... Multi-function card, 1A ... Card main body, 2 ... Integrated circuit, 3 ... Communication part, 3A ... Antenna circuit, 4 ... Processor, 5A, 5B, 5C ... Memory, 8 ... Information processing apparatus, 8A ... Card writer, 9: biometric authentication device, 9A: card reader / writer, 9B: biometric sensor, 9C: collating unit, 10: control software, 12: setting information, 13: history information, 41: control unit, 61: card settlement function, 71-7N: biological data, 111-11K: software.

Claims (11)

Comprising a memory and a processor,
The memory includes first data used in a first function for settlement, second data used in a second function different from the first function, the first function and the second function. Memorize the history information about the function of
The processor comprises:
When the user uses the first function, the user transmits the first data to the first device, and the history information in the memory includes first identification information indicating the first function and first information. Including the first information associated with the time information of
When the user uses the second function, transmits the second data to the first device or a second device different from the first device, the history information of the memory, Including second information that associates second identification information indicating the second function with second time information;
Multifunctional card. The memory stores new software;
The processor executes the new software in the memory as a new function,
The multi-function card according to claim 1. The processor transmits the first data to the first device when the user uses the first function, and receives the result data of the first function from the first device. Including, in the history information of the memory, first information in which first identification information indicating the first function, the result data, and first time information are associated with each other;
The multi-function card according to claim 1 or 2. A payment integrated circuit comprising a memory and a processor,
The memory includes first data used in a first function for settlement, second data used in a second function different from the first function, and the first function and the second data. Memorize the history information about the function of
The processor comprises:
When the user uses the first function, the first data is transmitted to the first device, and the history information in the memory includes first identification information indicating the first function and first information. Including the first information associated with the time information of
When the user uses the second function, the second data is transmitted to the first device or a second device different from the first device, and the history information of the memory includes Including second information that associates second identification information indicating the second function with second time information;
Integrated circuit. The memory stores new software;
The processor executes the new software in the memory as a new function,
An integrated circuit according to claim 4. The processor transmits the first data to the first device when the user uses the first function, and receives the result data of the first function from the first device. Including, in the history information of the memory, the first information in which the first identification information, the result data, and the first time information are associated with each other;
An integrated circuit according to claim 4 or claim 5. The memory stores the first data in association with the biometric data of the user,
The processor transmits the first data and the biometric data to the first device when the user uses the first function, and transmits the biometric data based on the biometric data from the first device. Receiving the result data including the result of the authentication, and including the first information in the history information of the memory;
An integrated circuit according to claim 6. A multi-function card circuit including a memory and a processor,
The memory includes first data used in a first function for settlement, second data used in a second function different from the first function, and the first function and the second data. Memorize the history information about the function of
The processor comprises:
When the user uses the first function, the first data is transmitted to the first device, and the history information in the memory includes first identification information indicating the first function and first information. Including the first information associated with the time information of
When the user uses the second function, transmits the second data to the first device or a second device different from the first device, the history information of the memory, Including second information that associates second identification information indicating the second function with second time information;
Multi-function card circuit. The memory stores new software;
The processor executes the new software in the memory as a new function,
The multi-function card circuit according to claim 8. The processor transmits the first data to the first device when the user uses the first function, and receives the result data of the first function from the first device. Including, in the history information of the memory, the first information in which the first identification information, the result data, and the first time information are associated with each other;
The multi-function card circuit according to claim 8 or 9. The memory stores the first data in association with the biometric data of the user,
The processor transmits the first data and the biometric data to the first device when the user uses the first function, and transmits the biometric data based on the biometric data from the first device. Receiving the result data including the result of the authentication, and including the first information in the history information of the memory;
The multi-function card circuit according to claim 10.

Images