JP3493024B1 - Information processing system and information processing method - Google Patents

Abstract

A mobile phone can be used as a substitute for a card while improving security by realizing an effective unauthorized use prevention function with a simple configuration without greatly changing an existing system. An object of the present invention is to improve the convenience of a user, such as making it available in a store or the like, and the confidentiality of the user's personal information. An information processing system according to the present invention receives user information from a mobile phone 1, adds time information to card number information corresponding to the user information, and encrypts the card number information to generate encrypted information. A server 2 that returns a reply to the mobile phone 1; obtains the encryption information of the mobile phone 1; decrypts the encryption information; determines the validity of the card number information based on the time information; And an information reading device 8 that proceeds with a predetermined settlement process when it is determined that

Description

Detailed Description of the Invention

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to, for example, a system and method for processing information such as payment, especially when a user purchases a product at a member store such as a store or receives a service. In addition, the present invention relates to an information processing system and an information processing method that prevent leakage of personal information of the user and enhance confidentiality when performing payment or the like related to payment of the product etc.

[0002]

2. Description of the Related Art Conventionally, when a user purchases a product or receives a service at a store or the like, it is generally performed to make a payment using a credit card or the like owned by a user. FIG. 10 shows and describes a configuration of a payment system as an information processing system according to the related art. This settlement system includes a user's information storage medium 200, an information reading device 201 installed in a member store, and a server 202 of a credit sales company.

Under such a configuration, the user can store information in the information storage medium 200 such as a credit card at a member store such as a store.
Is presented, the information reading unit 201 of the information reading device 201
a reads the information A stored in the information storage unit 200a in the information storage medium 200, and the transmission / reception unit 201b
Is transmitted to the server 202 side via. In this way, in the server 202, the internal transmission / reception unit 202a receives the information A, and the charging processing unit 202b performs a predetermined charging process.

On the other hand, today, with the spread of mobile phones and the Internet, E-commerce and M-commerce have become popular, and the W of the Internet has become popular.
Various services are also provided through the eb page. One of such services is a "ticketless service" using a mobile terminal. This is because instead of the conventional ticket issued on a paper basis, an electronic mail is transmitted to the mobile terminal, or identification information is transmitted from the Web server to the mobile terminal. It is used for identification based on the information displayed on the screen, and is used for movies, travel tickets, coupons, and the like. Furthermore, through the Internet
"Internet shopping" to shop on
The use of “mobile shopping” using mobile terminals and mobile terminals is also increasing, but in such services, payments are made via the Internet.

When the above settlement is performed,
In order to prevent copying or copying, which is a drawback of digital information, it is also common to encrypt information transmitted via the Internet by, for example, a public key system or a bar code system.

[0006] For example, Japanese Patent Laid-Open No. 2001-5883 discloses a technique relating to a settlement system. That is,
In this payment system, the mobile terminal displays a barcode pattern on the display based on the barcode information transmitted from the authentication server. Then, the bar code reader connected to the POS register of the store reads the bar code pattern and transmits the acquired information to the settlement controller. In this way, the payment controller makes payment based on the information.

[0007]

However, although the movie tickets, electronic coupons, etc. targeted by the above ticketless service cannot be reused once used, there are few problems, but the above-mentioned Internet shopping is not a problem. Information related to the user's credit card number, etc. entered in mobile shopping and mobile shopping is reusable, and there is a possibility that it will be illegally used if the information leaks during the process of transmission and reception via the Internet. Therefore, further improvement in terms of security is desired.

Further, in the above mobile shopping,
Since it is only possible to shop at a member store that subscribes to the service, it is less convenient than payment by credit card, which is widely used among users.

Further, in the technology related to the settlement system disclosed in the above-mentioned Japanese Patent Laid-Open No. 2001-5883,
Although the bar code system is adopted to enhance the security of information, it does not take into consideration that the information related to credit card numbers, etc., can be reused. Therefore, when the mobile terminal is lost, etc. There is no suggestion or disclosure regarding measures against unauthorized use in the.

The present invention has been made in view of the above problems, and an object of the present invention is to provide an effective unauthorized use prevention function by simply adding a simple configuration without largely changing the existing system. It is to improve the convenience of the user and the confidentiality of the personal information of the user, such as enabling the user to use the mobile phone as a substitute for a card in a store while improving security.

[0011]

In order to achieve the above object, the invention of claim 1 receives user information from a portable terminal, and provides secret information and a first secret code corresponding to the user information. To generate additional information by performing a reversible operation, generate a second common key based on the first common key information and the first secret code stored in advance, and add the second common key using the second common key. A server that encrypts information to generate encrypted information, returns the encrypted information to the mobile terminal, and receives a second personal identification code, and receives the second personal identification code and the first accumulated personal identification code.
The third common key information is generated based on the common key information, the cryptographic information from the mobile terminal is received, the cryptographic information is decrypted by the third common key, and the secret information and the third secret code are obtained by inverse calculation. And an information reading device that performs a predetermined process by separating the code into three codes and determining that the secret information is valid when the third secret code and the second secret code match. This is an information processing system. According to the second aspect of the present invention, the user information is received from the mobile terminal, and the additional information is obtained by performing a reversible operation on the secret information corresponding to the user information, the first password and the first time information. A second common key is generated based on the first common key information that has been generated and stored in advance and the above-mentioned first personal identification code, and the above-mentioned additional information is encrypted by the second common key to generate cryptographic information. A server that sends back the cryptographic information to the mobile terminal and a second password input are received, and third common key information is generated based on the second password and the first common key information stored in advance. The cryptographic information from the mobile terminal is received, the cryptographic information is decrypted by the third common key, and the confidential information, the third secret code, and the second secret code are obtained by inverse calculation.
The secret information is separated into time information, the validity of the secret information is judged based on the comparison result of the third secret code and the second secret code, and the second time information, and the secret information is valid. And an information reading device that performs a predetermined process when it is determined that the information processing system is an information processing system. According to a third aspect of the present invention, the information reading device further includes a reading unit that optically reads a display based on the encryption information of the mobile phone, and the encryption information stored in the mobile phone by the optical reading by the reading unit. The present invention provides the information processing system according to claim 1 or 2, further characterized by: According to a fourth aspect of the present invention, the information reading apparatus further includes a wireless communication unit that wirelessly communicates with the mobile phone, and obtains the cryptographic information stored in the mobile phone by wireless communication by the wireless communication unit. The information processing system according to claim 1 or 2, which is characterized by the following. The invention of claim 5 is an information processing method by an information processing system having at least a server and an information reading device,
Server receives the user information from the portable terminal, the at the confidential information and the first personal identification code corresponding to the user information to implement a reversible operation to generate additional information, which is prestored 1 A second key based on the common key information and the first password.
Generating a common key, encrypts the additional information to generate the encryption information by the second common key, the encryption information to reply to the mobile terminal, information reading apparatus, receives the second cipher code, The third common key information is generated based on the second secret code and the first common key information stored in advance, the cryptographic information from the mobile terminal is received, and the cryptographic information is decrypted by the third common key. The secret information and the third information
Separated from the secret code, the third secret code and the second secret code
When the secret code matches, the secret information is determined to be valid and a predetermined process is performed, which is an information processing method. According to a sixth aspect of the present invention, in an information processing method by an information processing system having at least a server and an information reading device, the server receives user information from a mobile terminal , and secret information corresponding to the user information and 1 PIN code and 1st time information perform reversible calculation, additional information is generated, 1st which is accumulated beforehand
A second common key is generated based on the common key information and the first secret code, the additional information is encrypted by the second common key to generate cryptographic information, and the cryptographic information is returned to the mobile terminal. , information reading apparatus, receives the second security code, and generates a third common key information based on the first common key information previously accumulated with the second personal identification code, the encryption information from the mobile terminal Is received, the cryptographic information is decrypted by the third common key, and the secret information and the third information are decrypted by the inverse calculation.
The secret code and the second time information are separated, and the validity of the secret information is judged based on the comparison result of the third secret code and the second secret code and the second time information, and the secret code is obtained. The information processing method is characterized by performing a predetermined process when it is determined that the information is valid. The invention of claim 7 further comprises the step of obtaining the cryptographic information stored in the mobile phone by optically reading the display of the mobile phone by the reading means of the information reading device. The information processing method according to any one of 6 above. The invention according to claim 8 further comprises the step of obtaining encryption information stored in the mobile phone by wireless communication with the mobile phone by the wireless communication means of the information reading device. Or the information processing method described in any one of 6 above.

[0012]

[0013]

[0014]

[0015]

[0016]

[0017]

[0018]

[0019]

[0020]

[0021]

[0022]

[0023]

[0024]

[0025]

[0026]

[0027]

[0028]

[0029]

BEST MODE FOR CARRYING OUT THE INVENTION Embodiments of the present invention will be described below with reference to the drawings.

First, FIG. 1 shows a schematic configuration of an information processing system according to an embodiment of the present invention and outlines it. That is,
Here, a configuration and an operation common to the information processing system and the information processing method according to the first to third embodiments described later will be described.

As shown in FIG. 1A, the mobile phone 1 is communicably connected to a server 2 of a service provider via a network 4 such as the Internet, and the server 2 is a server 3a of a credit sales company. , 3b ... and dedicated line 5
are connected via a, 5b ... With the above configuration, the process of displaying the encrypted card number in the mobile phone 1 as a two-dimensional bar code is realized.

In the following, the server 3a shown in FIG.
3b ... are collectively referred to by the reference numeral 3, and the dedicated lines 5a and 5b are collectively referred to by the reference numeral 5 to further explain the description.

In such a configuration, the mobile phone 1
Transmits user information to the server 2 via the network 4. When the server 2 receives this user information,
The card number information corresponding to the user information is acquired by referring to the user information storage database 18. If the server 2 does not have the user information storage database 18, the card number information of the user is acquired by communicating with the server 3 of the credit company via the leased line 5. Subsequently, the server 2 adds time information to the card number information and then encrypts the card number information to generate encrypted information. Further, this cryptographic information is converted into two-dimensional data, and the two-dimensional data is returned to the mobile phone 1 side via the network 4. When the mobile phone 1 receives the two-dimensional data, the mobile phone 1 displays the two-dimensional bar code or the like. Alternatively, the encrypted information is stored and wirelessly communicates with the information reading device 8 as described later. Incidentally, as described above, it is also possible to adopt a method of separately storing the time information in the storage means and using it for the validity confirmation, without adding the time information.

On the other hand, as shown in FIG. 1B, the bar code reader 6 is connected to the information reading device 8 of the member store via the conversion unit 7. This information reading device 8 is connected to the server 3 of the credit company via the leased lines 10a, 10b.
It is connected to x, 3y ... It is also possible to employ a wireless communication unit 9 that realizes wireless communication with the mobile phone 1, instead of or together with the configurations of the barcode reader 6 and the conversion unit 7. When such a wireless communication unit 9 is adopted, the same type of configuration is required on the mobile phone 1 side. With the above configuration, information processing such as payment based on the two-dimensional barcode displayed on the mobile phone 1 is realized.

In the following, the server 3x of FIG. 1 (b),
3y ... are also collectively referred to by reference numeral 3 and are dedicated lines 10a and 10b.
Are collectively referred to by reference numeral 10 and the description will be further advanced. However, the servers 3x and 3y may be servers different from the above servers 3a and 3b.

In such a structure, when the user presents the mobile phone 1 displaying a two-dimensional bar code at a member store such as a store, the bar code reader 6 reads the two-dimensional bar code, and the conversion section 7 is operated. The two-dimensional bar code is converted into encryption information, card number information and time information, and it is determined whether the time information is valid. When the conversion unit 7 determines that the time information is valid, the conversion unit 7 transmits the card number information to the information reading device 8 side.
Then, the information reading device 8 sends the card number information to the private line 1
0 to the server 3 of the credit sales company. Thus
The server 3 performs a predetermined charging process based on the information related to the card number and the like.

When the wireless communication unit 9 is adopted, the mobile phone 1 transmits the encryption information to the wireless communication unit 9 by wireless communication. Upon receiving the encryption information, the wireless communication unit 9 decrypts the encryption information into card number information and time information, and determines whether the time information is valid. After that, the same processing as described above is performed.

As described above, in the information processing system and method according to the embodiment, the confidentiality of the information is enhanced by adding the time information to the card number information, encrypting it, and further converting it into two-dimensional data. There is. In addition, at the time of payment, the validity of the information is determined based on the time information, so that the unauthorized use at the time of loss is prevented.

[0039]

The secret information corresponds to the above card number information and the like. The reading means corresponds to the barcode reader 6 and the converter 7, etc., and the wireless communication means corresponds to the wireless communication unit 9 etc. However, it is not limited to these.

Hereinafter, the information processing system and the information processing method according to the first embodiment of the present invention will be described in more detail based on such characteristic points.

First, the configuration of the information processing system according to the first embodiment is shown in FIG. 2 and will be described. As shown in FIG. 2, this information processing system includes a mobile phone 1 of a service user, a server 2 of a service provider, a two-dimensional information reading device 54 and an information reading device 8 of a member store such as a store, a credit company. Server 3 of. Here, FIG.
2D information reading device 54 is a component including the barcode reader 6 and the converter 7 in FIG. 1B.

Hereinafter, each of these components will be described in more detail.

First, the user's mobile phone 1 controls the overall control unit 15, the ID / PW input unit 11, the service selection unit 12, the two-dimensional data storage unit 13, the two-dimensional data display unit 14, and the transmission / reception unit. 16 are communicably connected and configured.

In such a configuration, the control section 15
It consists of a CPU and the like. The ID / PW input unit 11 is for the user to input his / her own ID, PW, etc., and the service selection unit 12 is for the user to select a desired service from the selection branches. Is. This ID / PW
As the input unit 11 and the service selection unit 12, for example, operation keys or the like can be adopted. The two-dimensional data storage unit 13 is for storing the two-dimensional data transmitted from the server 2 of the service provider, and includes a memory or the like. The two-dimensional data display unit 14 is for displaying the two-dimensional data accumulated in the two-dimensional data accumulating unit 13, and may be a liquid crystal display unit or the like.
The transmission / reception unit 16 is for realizing wireless communication with the server 2 or the like of the service provider. Although the mobile phone 1 is taken as an example here, the present invention is not limited to this, and a mobile terminal such as a PDA (Personal Digital Assistant) or a notebook personal computer can also be adopted.

On the other hand, the server 2 of the service provider has a control unit 19 having at least an authentication unit 20, a service selection unit 21, a time information addition unit 22, an encryption unit 23 and a two-dimensional data conversion unit 24, and a two-dimensional control unit. Data storage unit 25 and transmission / reception unit 1
7 and the user information storage DB 18 are communicably connected and configured.

In such a configuration, the transmitting / receiving section 17
Is for communicating with the user's mobile phone 1 or the like. The user information storage DB 18 stores the user ID and P
It is a database for storing W, mobile phone numbers, and card numbers corresponding to these (see FIG. 5).
Here, it is assumed that these various types of information are registered in advance by the user. The authentication unit 20 is for performing a predetermined authentication for the user. Service selection unit 2
1 is for reading the user's card number information A from the user information storage DB 18 based on the information input by the service selection unit 12 of the mobile phone 1. The time information adding unit 22 is for adding the time information T to the information A. The encryption unit 23 is for generating the encrypted information (A + T) by encrypting the information after the addition with the encryption key by the public key method or the like. Then, the two-dimensional data conversion unit 24 uses the encryption information (A + T).
Is further converted into two-dimensional data [A + T], and the two-dimensional data storage unit 25 stores the two-dimensional data [A + T].
T], and is composed of a memory or the like.

On the other hand, the two-dimensional information reading device 54 of the member store
Is a two-dimensional data reading unit 26, a two-dimensional data analysis unit 2
7, a decoding unit 28, and a time information determination unit 29. This 2
The dimensional data reading unit 26 and the two-dimensional data analyzing unit 27 correspond to the barcode reader 6 of FIG. 1B, and the decoding unit 28.
The time information determination unit 29 corresponds to the conversion unit 7.

The information reading device 8 of the member store has an information reading unit 30 and a transmitting / receiving unit 31. Information reader 8
For example, a POS terminal or the like can be adopted.

In such a configuration, the two-dimensional data reading unit 26 is for reading the two-dimensional data [A + T] displayed on the two-dimensional data display unit 14 of the mobile phone 1 by, for example, an optical means. is there. The two-dimensional data analysis unit 27 uses this two-dimensional data [A + T] as the encryption information (A +
T).

Then, the decryption unit 28 uses the encryption information (A +
This is for decrypting T) into information before encryption with a decryption key. Further, the time information determination unit 29 is for reading time information from the information before encryption and determining whether the information is valid. Further, the information reading section 30 is for extracting the card number information A from the information before the encryption. Then, the transmitter / receiver 31
This is for transmitting the card number information A to the server 3 of the credit sales company.

On the other hand, the server 3 of the credit sales company also has a function as a settlement system, and is composed of a transmitting / receiving unit 32 and a billing processing unit 33.

Since a publicly known technique can be adopted as the server 3, a detailed description thereof will be omitted, but the transmitting / receiving unit 32 receives the card number information A transmitted from the information reading device 8 of the member store. It is for. The billing processor 33 is for billing the user based on the card number information A.

Hereinafter, with reference to the flowchart of FIG.
The processing by the information processing system according to the first embodiment having the above-described configuration will be described in detail. Note that this processing also corresponds to the information processing method according to the first embodiment of the present invention.

When a series of processing by this information processing system is started, first, the ID of the mobile phone 1 is set by the user.
When the / PW input unit 11 or the service selection unit 12 is operated and the URL of the website of the service provider is input,
Under control of the control unit 15, the mobile phone 1 accesses the server 2 (the above URL) of the service provider via the transmission / reception unit 16 and the network 4 (step S1).

When the server 2 of the service provider receives the access from the mobile phone 1 through the transmission / reception unit 17, the file related to the PW input screen is read from the DB (not shown) under the control of the control unit 19. The data is transmitted to the mobile phone 1 via the transmission / reception unit 17 and the network 4 (step S2). The mobile phone 1 uses the transmitter / receiver unit 16 for PW.
When the file related to the input screen is received, the PW input screen is displayed on the two-dimensional data display unit 14 under the control of the control unit 15 (step S3).

The appearance of this PW input screen is shown in FIG.
This is as shown in (a).

That is, on the PW input screen 100, a comment "Please input the authentication information" prompting the user to input the authentication information, the PW input area 100a in which the PW should be input, and the transmission instruction are given. Send instruction button 100 for
b is displayed. Of course, the PW input screen 100 is not limited to this. That is, for example, an ID input area or the like can be appropriately incorporated in the PW input screen 100.

In this way, when the user operates the ID / PW input section 11 to input the PW in the PW input area 100a and selects the send button 100b, the portable telephone 1 is controlled by the control section 15. Below, the PW information is transmitted to the server 2 of the service provider via the transmitting / receiving unit 16 and the network 4 (step S4).

The server 2 of the service provider has the transmitting / receiving unit 1
When the authentication unit 20 receives the PW information, the authentication unit 20 performs a predetermined authentication process based on the PW information (step S5). When it is determined that the authentication is established, the file related to the card selection screen is subsequently deleted. Read from the DB shown,
Under the control of the control unit 19, the data is transmitted to the mobile phone 1 via the transmission / reception unit 17 and the network 4 (step S
6).

Thus, in the mobile phone 1, the transmitting / receiving unit 1
When 6 receives the file relating to the card selection screen from the server 2, the two-dimensional data display unit 14 displays the card selection screen under the control of the control unit 15 (step S7).

The state of this card selection screen is shown in FIG.
This is as shown in (b).

That is, on this card selection screen 101, a comment "Please select the card type." Prompting the user to select the card type and the option to actually select the card (this example Then, a card selection area 101a showing three options) and a transmission instruction button 101b for instructing transmission are displayed. It goes without saying that the card selection screen 101 is not limited to this.

Subsequently, the user inputs the ID / PW input unit 1
1 is operated, the desired card is selected in the card selection area 101a, and the send button 101b is selected, the mobile phone 1 is controlled by the control unit 15 and the information related to the card selection (hereinafter Personal information) will be transmitted to the server 2 of the service provider via the transmission / reception unit 16 and the network 4 (step S8).

When the transmitter / receiver 17 receives the user information, the server 2 of the service provider reads the card number information A corresponding to the user information from the user information storage DB 18. Here, the server 2 stores the user information storage DB.
When not having 18, the following method is adopted. That is, the server 2 transmits the user information to the server 3 of the credit sales company via the leased line 5 (step S9). Then server 3
Reads the card number information A corresponding to the user information and sends it back to the server 2 side via the leased line 5 (step S10). In the first embodiment, the card number information A corresponding to the user information is obtained by any of these methods.
Will be obtained.

Then, in the server 2 of the service provider,
The time information adding unit 22 adds time information T to the card number information A to generate additional information A + T, and the encryption unit 23
However, the additional information A + T is encrypted with an encryption key by a public key method or the like to generate encryption information (A + T). Then, the two-dimensional data conversion unit 24 uses the encryption information (A + T).
Is further converted into two-dimensional data [A + T], and the two-dimensional data storage unit 25 stores this two-dimensional data [A + T] (step S11). Thus, the server 2 under the control of the control unit 19 generates the generated two-dimensional data [A + T].
Is transmitted to the mobile phone 1 of the user via the transmission / reception unit 17 and the network 4 (step S12).

When the transceiver 16 receives the two-dimensional data [A + T], the mobile phone 1 stores the two-dimensional data [A + T] in the two-dimensional data storage 13. Then, the control unit 15 reads the two-dimensional data [A + T] and displays the two-dimensional data display screen on the two-dimensional data display unit 14 (step S13).

The two-dimensional data display screen is as shown in FIG. 4 (c).

In other words, in this display example, the two-dimensional data display screen 102 indicates, for example, an operation after the completion of the authentication, “Authentication was successful. Please present the following two-dimensional bar code to the member store. And the two-dimensional barcode 102a are displayed. The two-dimensional data display screen 102 is not limited to this example.

That is, for example, the comment suggesting the operation of completing the authentication is not limited to the above example, and
It is also possible not to display.

Thus, when the user visits a member store such as a store and presents the mobile phone 1 at the member store (step S14), the two-dimensional information reading device 54 of the member store 2
The two-dimensional data reading unit 26 reads the two-dimensional data [A + T] displayed on the two-dimensional data display unit 14 of the mobile phone 1 (step S15). The two-dimensional data analysis unit 27 converts this two-dimensional data [A + T] into encryption information (A + T), and the decryption unit 28 further decrypts the encryption information (A + T) into additional information A + T before encryption with a decryption key. . And
The time information determination unit 29 determines the validity of the information based on the time information T included in this information A + T (step S).
16). In the information processing system and method according to the first embodiment, the time information determination unit 29 includes the decoding unit 28.
If the timing (time) of decoding by is earlier than the time related to the time information T, it is determined that the information is valid.
However, it goes without saying that the determination method is not limited to this.

In this way, when the time information judging section 29 judges that the information is valid, the information reading section 30 transmits the card number information A to the server 3 of the credit sales company via the transmitting / receiving section 31 (step S17). ). In the server 3, the transmitting / receiving unit 32 receives the card number information A, and the billing processing unit 33
A predetermined billing process is performed at (step S18). A publicly known technique can be adopted for this billing process, and thus a detailed description thereof will be omitted. With the above, a series of processes related to the payment process is completed.

Here, the stored contents of the user information storage DB 18 in the server 2 of the service provider are shown in FIG. As shown in FIG. 5, the mobile phone number of the user, PW, card number information of a plurality of cards 1, 2, 3, ... Based on the input related to this card number information, FIG.
The display mode of the card selection screen 101 previously shown in (b) is changed. That is, for example, when the card number information is input as shown in FIG. 6, "AAAA", "BBBB", "C" are displayed in the card selection area 104a as shown in FIG.
The card selection screen 104 in which "CCC" is displayed is displayed. Such customization is set in advance by the user communicating with the mobile phone 1 and the server 2. The screen customized by the server 2 of the service provider in response to the request from the user's mobile phone 1 is not limited to the card selection screen 101, but selection screens for various services may be provided. Of course you can. In this case, the service provider will appropriately store the information related to the selection in the user information storage DB 18.

As described above, in the information processing system and method according to the first embodiment of the present invention, data is transmitted from the mobile phone 1 to the server 2 of the service provider via the network 4 such as the Internet. Is only the information related to the user's mobile phone number, etc., and the card number information is not exchanged as it is, but is encrypted from the server 2 to a two-dimensional data and only converted from the mobile phone to the mobile phone. However, the confidentiality of the card number information is maintained. In addition, since the card number information is encrypted (one-time) after being added with the time information and is further converted into two-dimensional data, the card number information having a reusable characteristic cannot be reused. Security can be further improved by being able to communicate and maintain in the. That is, the two-dimensional data is OTCN (On
e Time Card Number), which prevents unauthorized copying and makes it impossible to generate fake barcodes. Further, at the member store, the service can be provided by simply adding the bar code reader 6 and the converter 7 to the information reading device 8 such as a POS register, which has been conventionally provided. It is possible to continue using it, reducing the capital investment burden,
It is expected that shops in a wide range of fields will subscribe to the service. Then, the user does not need to carry a plurality of credit cards and the like, and can enjoy the service using the plurality of credit cards and the like only with the mobile phone, so that the convenience and the utilization rate are improved.

Next, the information processing system and the information processing method according to the second embodiment of the present invention will be described in more detail based on the above-mentioned characteristic points.

First, FIG. 7 shows the configuration of the information processing system according to the second embodiment, and will be described. As shown in FIG. 7, this information processing system includes a mobile phone 51 of a service user, a server 52 of a service provider, a wireless communication device 53 and an information reading device 8 of a member store such as a store, and a server of a credit sales company. It consists of three. Here, the same configurations as those in FIGS. 1 and 2 are given, but the wireless communication device 53 is a component corresponding to the wireless communication unit 9 in FIG. 1B.

Hereinafter, each of these components will be described in more detail.

First, the mobile phone 51 of the user includes the control unit 15, the ID / PW input unit 11, the service selection unit 12, the data storage unit 40, the short distance data communication unit 41, and the short distance data communication instruction unit 42. Connected and configured to communicate freely.

In such a configuration, the control section 15
It is responsible for overall control and is composed of a CPU and the like. ID
The / PW input unit 11 is for the user to input his own ID, PW, etc., and the service selection unit 12 is for the user to select a desired service from the selection branches. As the ID / PW input unit 11 and the service selection unit 12, for example, operation keys or the like can be adopted. The data storage unit 40 is the server 2 of the service provider.
It stores the cryptographic information and the like transmitted from, and is composed of a memory and the like. The short-range data communication unit 41 performs wireless communication with the short-range data communication unit 43 in the wireless communication device 53 of the member store, for example, Bluetooth, IrDA, RFI.
It consists of D etc. The short distance data communication instructing unit 42 is for instructing communication by the short distance data communication unit 41. Although the mobile phone 1 is taken as an example here, the present invention is not limited to this, and a PDA (Personal Digital Assist) is used.
It is of course possible to adopt an ant), a laptop computer, or the like.

On the other hand, the server 52 of the service provider has the transmission / reception unit 17, the user information storage DB 18, the authentication unit 20, the service selection unit 21, the time information addition unit 22, and the encryption unit 23.
And so on. The authentication unit 20, the service selection unit 21, the time information addition unit 22, and the encryption unit 23 are all included in the control unit 19.

In such a configuration, the transmitting / receiving section 1
Reference numeral 7 is for communicating with the user's mobile phone 51 or the like. The user information storage DB 18 is the user ID
And PW, mobile phone numbers, and card numbers corresponding to these, etc. (see FIG. 5). Then, the authentication unit 20 is for performing a predetermined authentication for the user. The service selection unit 21 is for reading the user's card number information A from the user information storage DB 18 based on the information input by the service selection unit 12 of the mobile phone 1. The time information adding unit 22 is for adding the time information T to the information A. Then, the encryption unit 23 uses the information A + T after the time information T is added by, for example, the public key method.
Is encrypted with an encryption key to generate encryption information (A + T).

On the other hand, the wireless communication device 53 of the member store has the short-distance data communication section 43, the decoding section 28, and the time information determination section 2
It consists of 9. The information reading device 8 has an information reading unit 30 and a transmitting / receiving unit 31. A POS terminal or the like can be adopted as the information reading device 8, but the information reading device 8 is not limited to this.

In such a configuration, the short distance data communication unit 43 is the short distance data communication unit 41 of the mobile phone 51.
For wireless communication with, for example Blue
It consists of tooth, IrDA, RFID, etc. The decryption unit 28 is for decrypting the encryption information (A + T) into the information before the encryption with the decryption key. Then, the time information determination unit 29 reads the time information from the information before encryption and determines whether or not the information is valid. The information reading unit 30 is for extracting the card number information A from the information before encryption. The transmitting / receiving unit 31 is for transmitting the card number information A to the server 3 of the credit sales company.

The server 3 of the credit sales company also has a function as a settlement system, and is composed of a transmission / reception unit 32 and a billing processing unit 33.

Since a publicly known technique can be adopted as the server 3, a detailed description thereof will be omitted, but the transmitting / receiving section 32 receives the card number information A transmitted from the information reading device 8 of the member store. It is for. The billing processor 33 is for billing the user based on the card number information A.

Hereinafter, with reference to the flowchart of FIG.
The processing by the information processing system according to the second embodiment having the above-described configuration will be described in detail. Note that this processing also corresponds to the information processing method according to the second embodiment of the present invention.

The ID / P of the mobile phone 51 is set by the user.
When the W input unit 11 and the service selection unit 12 are operated and the URL of the website of the service provider is input, the mobile phone 51 receives the transmission / reception unit 1 under the control of the control unit 15.
The server 52 of the service provider is accessed via 6 and the network 4 (step S21).

When the transmission / reception unit 17 receives the access by the mobile phone 51, the server 52 of the service provider reads the file relating to the PW input screen from the DB (not shown) under the control of the control unit 19, and the transmission / reception unit It will be transmitted to the mobile phone 51 via 17 and the network 4 (step S22).

In this way, the mobile phone 51 has the transmitting / receiving unit 1
When the file related to the PW input screen is received at 6, the PW input screen (described above in FIG. 4A) is displayed on the display unit (not shown) under the control of the control unit 15 (step S2).
3).

Subsequently, the user inputs the ID / PW input unit 1
When 1 is operated, the password is input to the PW input area 100a, and the send button 100b is selected, the mobile phone 51 receives the PW information via the transmission / reception unit 16 and the network 4 under the control of the control unit 15. , To the server 52 of the service provider (step S24).

In the server 52 of the service provider, when the transmission / reception unit 17 receives the PW information, the authentication unit 20 performs a predetermined authentication process based on the PW information (step S25).
When it is determined that this authentication is established, the file related to the card selection screen is read from the DB (not shown) and transmitted to the mobile phone 51 via the transmission / reception unit 17 and the network 4 under the control of the control unit 19. (Step S26).

Thus, in the mobile phone 1, the transmitting / receiving unit 1
When 6 receives the file related to the card selection screen, the card selection screen (described above in FIG. 4B) is displayed on the display unit (not shown) under the control of the control unit 15 (step S27).

Subsequently, the user inputs the ID / PW input unit 1
When 1 is operated, a desired card is selected in the card selection area 101a, and the send button 101b is selected, the mobile phone 51 transmits the user information to the transmission / reception unit 16 and the transmission / reception unit 16 under the control of the control unit 15. It is transmitted to the server 52 of the service provider via the network 4 (step S2
8). Then, when the transmitting / receiving unit 17 receives the user information, the service user server 52 receives the user information storage DB.
The card number information A corresponding to the user information is read from 18. If the user information storage DB 18 is not included, the following method is adopted. That is, the server 52 transmits the user information to the server 3 of the credit sales company via the leased line 5 (step S29). Then, when the server 3 receives the user information, the server 3 reads the card number information A corresponding to the user information, and the server 52 through the leased line 5.
It returns to the side (step S30). By any of these methods, the card number information A corresponding to the user information is acquired.

Subsequently, in the server 52 of the service provider, the time information adding unit 22 adds the time information T to the card number information A to generate the additional information A + T, and the encryption unit 23.
Encrypts the additional information A + T with an encryption key by a public key method or the like to generate encryption information (A + T) (step S31). Then, the server 52 transmits this cipher information A + T to the mobile phone 51 of the user via the transmission / reception unit 17 and the network 4 under the control of the control unit 19 (step S32). Then, in the mobile phone 51, when the transmission / reception unit 16 receives the encryption information A + T, the encryption information (A + T) is stored in the data storage unit 40. At this time, a confirmation display such as "The card information has been received" may be displayed on the display unit (not shown) (step S33). Then, the control unit 15 causes the encryption information (A
+ T) is read out, and the short distance data communication unit 41 causes the short distance data communication unit 41 to read the encryption information (A +) based on the instruction from the short distance data communication instruction unit 42.
T) is wirelessly transmitted to the information reading device 52 of the member store (steps S34 and S35).

The short-distance data communication unit 43 of the information reading device 53 of the member store receives the encryption information (A + T), and the decryption unit 28 further adds the encryption information (A + T) to the additional information before the encryption by the decryption key. Decode to A + T. Then, the time information determination unit 29 determines the validity of the information based on the time information T included in this information A + T (step S36).

In the information processing system and method according to the second embodiment, in the time information judging section 29, the time when the decryption section 28 decrypts the cipher information A + T precedes the time relating to the time information T. If so, the information is judged to be valid. However, it goes without saying that the method of determining the effectiveness is not limited to this.

Thus, when the validity of the information is confirmed,
The information reading unit 30 transmits the card number information A to the server 3 of the credit sales company via the transmitting / receiving unit 31 (step S3).
7). In the server 3, the transmitting / receiving unit 32 uses the card number information A
Is received, and the billing processing unit 33 performs predetermined information processing, such as billing processing (step S38).

Since a known technique can be adopted for this charging process, detailed description thereof will be omitted here.

Here, the storage contents of the user information storage DB 18 in the server 52 of the service provider are as shown in FIG. 5 above, and the details thereof are as described above, and therefore duplicated here. The description is omitted.

As described above, in the information processing system and the information processing method according to the second embodiment of the present invention,
From mobile phone 51 to network 4 such as the Internet
Only the information relating to the user's mobile phone number and the like is transmitted to the server 52 of the service provider via the card number information, and the card number information is not exchanged as it is and is encrypted. The confidentiality of the card number information is maintained because it is only transmitted from the server 52 to the mobile phone 51. Further, since the card number information is encrypted after the time information is added to the card number information, the card number information having a reusable characteristic can be communicated and held in a non-reusable manner to further improve security. To be done. That is, the encryption information is OTCN (One Time Card Nu
Since it is said to be mber), illegal copying is also prevented,
It will also be impossible to generate fake barcodes. Further, in the member store, since the service can be provided only by adding the wireless communication device 53 to the information reading device 8 such as the POS register which has been conventionally provided, the existing infrastructure is possible, The capital investment burden is also reduced,
It is expected that shops in a wide range of fields will subscribe to the service.

The user is not required to carry a plurality of credit cards or the like, and can enjoy the service with a plurality of credit cards or the like only by using the mobile phone. Therefore, the convenience and the utilization rate are improved. It will be.

Next, the information processing system and the information processing method according to the third embodiment of the present invention will be described in more detail based on the above-mentioned characteristic points.

The information processing system according to the third embodiment has the same structure as the time information adding section 22 in the configuration shown in FIG.
When the user information is transmitted from the server 2 of the service provider to the server 3 of the credit company and the card number information is returned to the server 2 as a response, the server 3 separately issues the issue time. The information is held, and the server 3 appropriately determines the validity of information in response to a request from the member store.

As described above, the third embodiment is substantially the same as the configuration of FIG. 2, and therefore the same reference numerals will be used to describe the same configurations. The third embodiment can of course be realized by the same configuration as that shown in FIG.

Hereinafter, referring to the flow chart of FIG.
Processing by the information processing system according to the third embodiment will be described in detail. Note that this processing also corresponds to the information processing method according to the third embodiment of the present invention.

When a series of processing by this information processing system is started, first, the ID of the mobile phone 1 is set by the user.
When the / PW input unit 11 or the service selection unit 12 is operated and the URL of the website of the service provider is input,
Under control of the control unit 15, the mobile phone 1 accesses the server 2 (the above URL) of the service provider via the transmission / reception unit 16 and the network 4 (step S51).

When the server 2 of the service provider receives the access from the mobile phone 1 via the transmission / reception unit 17, the file related to the PW input screen is read from the DB (not shown) under the control of the control unit 19. The data is transmitted to the mobile phone 1 via the transmission / reception unit 17 and the network 4 (step S52). The mobile phone 1 receives the P
When the file related to the W input screen is received, the PW input screen is displayed on the two-dimensional data display unit 14 under the control of the control unit 15 (step S53).

The state of this PW input screen is shown in FIG.
This is as shown in (a).

In this way, when the user operates the ID / PW input unit 11, the PW is input to the PW input area 100a, and the send button 100b is selected, the portable telephone 1 is controlled by the control unit 15. Below, the PW information is transmitted to the server 2 of the service provider via the transmission / reception unit 16 and the network 4 (step S54).

The server 2 of the service provider has the transmitting / receiving unit 1
When the authentication unit 20 receives the PW information, the authentication unit 20 performs a predetermined authentication process based on the PW information (step S55). When it is determined that the authentication is established, the file related to the card selection screen is subsequently deleted. The data is read from the illustrated DB and transmitted to the mobile phone 1 via the transmission / reception unit 17 and the network 4 under the control of the control unit 19 (step S56).

Thus, in the mobile phone 1, the transmitting / receiving unit 1
When 6 receives the file related to the card selection screen from the server 2, the two-dimensional data display unit 14 displays the card selection screen under the control of the control unit 15 (step S57).

The state of this card selection screen is shown in FIG.
This is as shown in (b).

Subsequently, the user inputs the ID / PW input unit 1
1 is operated, the desired card is selected in the card selection area 101a, and the send button 101b is selected, the mobile phone 1 is controlled by the control unit 15 and the information related to the card selection (hereinafter Personal information) will be transmitted to the server 2 of the service provider via the transmission / reception unit 16 and the network 4 (step S58).

When the transmitting / receiving unit 17 of the server 2 of the service provider receives the user information, the server 2 transmits the user information to the server 3 of the credit sales company via the leased line 5 (step S59). . Then, the server 3 reads the card number information A corresponding to the user information, and the dedicated line 5
It returns to the server 2 side via (step S60). At this time, the server 3 of the credit sales company or the like records or stores the time when the card number information is returned to the server 2 (hereinafter referred to as the issuing time) (step S62).

Subsequently, in the server 2 of the service provider,
The encryption unit 23 encrypts the card number information A with an encryption key by a public key method or the like to generate encryption information (A). Then, the two-dimensional data conversion unit 24 further converts the encryption information (A) into two-dimensional data [A], and the two-dimensional data storage unit 25 stores this two-dimensional data [A] (step S61). . In this way, the server 2 transmits the generated two-dimensional data [A] to the user's mobile phone 1 via the transmission / reception unit 17 and the network 4 under the control of the control unit 19 (step S63).

Then, the mobile phone 1 uses the two-dimensional data.
When the transmitter / receiver 16 receives [A], the two-dimensional data [A] is stored in the two-dimensional data storage 13. Then, in the mobile phone 1, the control unit 15 reads the two-dimensional data [A] and displays the two-dimensional data display screen on the two-dimensional data display unit 14 (step S64).

The two-dimensional data display screen is as shown in FIG. 4 (c).

In this way, when the user visits a member store such as a store and presents the mobile phone 1 at the member store (step S65), the two-dimensional information reading device 54 of the member store 2 is displayed.
The two-dimensional data reading unit 26 reads the two-dimensional data [A] displayed on the two-dimensional data display unit 14 of the mobile phone 1 (step S66). The two-dimensional data analysis unit 27 converts the two-dimensional data [A] into encryption information (A), and the decryption unit 28 decrypts the encryption information (A) into card number information A before encryption with a decryption key. Yes (step S67).

Next, the information reading device 8 of the member store requests the server 3 of the credit sales company or the like to judge the validity of the card number information A (step S68).

The server 3 of the credit sales company that received this request
Determines the validity of the card number information A based on the information relating to the issuing time previously recorded or stored in step S62 (step S69). Here, for example, it is determined that the information is invalid if a predetermined time has elapsed from the issuance time and is valid before the issuance time has elapsed, but the method is not limited to this. is not.

The "issue time" is a broad concept including both the issue time and the allowable elapsed time itself.

In this way, when the server 3 determines that the card number information A is valid, the server 3 sends the selection information for a normal card processing request (authorization) to the information reading device 8 side of the member store. (Step S7
0) and thereafter, the billing processing unit 33 of the server 3 performs predetermined information processing, such as billing processing (step S7).
1). A publicly known technique can be adopted for this billing process, and thus a detailed description thereof will be omitted. With the above, a series of processes related to the payment process is completed.

As described above, in the information processing system and the information processing method according to the third embodiment of the present invention,
From mobile phone 51 to network 4 such as the Internet
Only the information relating to the user's mobile phone number and the like is transmitted to the server 52 of the service provider via the card number information, and the card number information is not exchanged as it is and is encrypted. The confidentiality of the card number information is maintained because it is only transmitted from the server 52 to the mobile phone 51. In addition, the server 3 of a credit company or the like holds the time when the card number information is issued, and the validity of the card number information is appropriately judged in response to a request from the information reading device 8 of the member store. It is possible to communicate and retain the card number information having a possible characteristic in a non-reusable manner, and security is further improved. Furthermore, in the member store, since it is possible to perform this service only by adding a simple configuration to the information reading device 8 such as a POS register which has been conventionally provided, the existing infrastructure is possible. The capital investment burden will be reduced, and it is expected that stores in a wide range of fields will subscribe to the service.

The user is not required to carry a plurality of credit cards or the like, and can enjoy the service using a plurality of credit cards or the like only with a mobile phone, which improves convenience and utilization rate. It will be.

Next, a fourth embodiment of the present invention will be described.

11 and 12 show the configuration of an information processing system according to the fourth embodiment of the present invention, which will be described. First, as shown in FIG. 11, the server 300 includes a user information storage DB 301, an authentication unit 302, and a service selection unit 3.
03, common key K1 storage unit 304, first calculation unit 305,
The second common key K2 generation unit 306, the encryption unit 307, the barcode generation unit 308, and the transmission / reception unit 309.
The user information storage DB 301 includes user IDs, PWs, mobile phone numbers, card numbers corresponding to these, and PIs.
It is for accumulating the N code P and the like. In the fourth embodiment, it is assumed that these various types of information are registered in advance by the user. Here, the PIN code is
It means a so-called personal identification number which is a number and a character string for personal authentication.

On the other hand, as shown in FIGS. 11 and 12,
The user's mobile phone 400 includes a control unit 406 including a CPU and the like for controlling the entire mobile phone 400, and an ID / PW.
An input unit 402, a service selection unit 403, a two-dimensional data storage unit 404, a two-dimensional data display unit 405 such as a liquid crystal display unit, and a transmission / reception unit 401.

Incidentally, in the fourth embodiment, the mobile phone 1
However, the present invention is not limited to this, and it goes without saying that a mobile terminal such as a PDA or a notebook personal computer can be adopted.

Further, as shown in FIG. 12, the two-dimensional information reading device 500 of the member store has a two-dimensional data reading unit 5
01, two-dimensional data analysis unit 502, decryption unit 503, inverse operation unit 507, authentication unit 508, common key storage unit 504,
It comprises a PIN input unit 505 and a second common key generation unit 506. The information reading device 600 of the member store includes an information reading unit 601 and a transmission / reception unit 602, and the server 700 includes a billing processing unit 7.
01 and a transmitting / receiving unit 702. A POS terminal or the like can be adopted as the information reading device 600. The server 700 also has a function as a payment system and can adopt a known technique, and thus a detailed description thereof will be omitted.

Then, as shown in FIG. 11, the server 300 and the portable telephone 400 are provided in the transmitting / receiving units 3 respectively.
It is configured to be able to communicate via 09 and 401. Further, as shown in FIG. 12, the mobile phone 400 and the two-dimensional information reading device are communicable, and the two-dimensional information reading device 500, the information reading device 600, and the server 700.
Is configured to communicate freely.

The characteristic operation of the information processing system according to the fourth embodiment will be described in detail below with reference to FIGS. 11 and 12.

When a series of processing by this information processing system is started, the user can enter the ID / ID of the mobile phone 400.
The PW input unit 402 and the service selection unit 403 are operated,
When the URL of the website of the service provider is input, the mobile phone 400 accesses the server 300 (the above URL) of the service provider via the transmission / reception unit 401 and the network under the control of the control unit 406. .

When the server 300 of the service provider receives the access from the mobile phone 400 through the transmission / reception unit 309, the PW under control of the control unit (not shown).
Read the file related to the input screen from the DB (not shown),
The data is transmitted to the mobile phone 400 via the transmission / reception unit 309 and the network. The mobile phone 400 includes a transmitting / receiving unit 40.
When the file related to the PW input screen is received at 1, the two-dimensional data display unit 405 displays the PW input screen under the control of the control unit 406. The appearance of this PW input screen is, for example, as shown in FIG. In this way, when the user operates the ID / PW input unit 402 and inputs the PW, the mobile phone 400 receives the PW information under the control of the control unit 406.
1 to the server 300 of the service provider via the network.

In the server 300 of this service provider, when the transmission / reception unit 309 receives the PW information, the authentication unit 302 performs a predetermined authentication process based on the PW information, and when it is determined that the authentication is established, Then, the file related to the card selection screen is read from the DB (not shown) and transmitted to the mobile phone 400 via the transmission / reception unit 309 and the network under the control of the control unit (not shown).

Thus, in the mobile phone 400, when the transmitting / receiving unit 401 receives the file relating to the card selection screen from the server 300, the two-dimensional data display unit 405 displays the card selection screen under the control of the control unit 406. . The state of this card selection screen is, for example, as shown in FIG.

Then, the user inputs the ID / PW input unit 4
When 02 is operated and a desired card is selected, the mobile phone 400 transmits the selection information to the server 300 of the service provider via the transmission / reception unit 401 and the network under the control of the control unit 406. become. In the server 300 of the service provider, when the transmitting / receiving unit 309 receives the selection information, the service selecting unit 303 reads the card number information A corresponding to the user information from the user information storage DB 301. If the server 300 does not have the user information storage DB 301, the user information is transmitted to the server of the credit company via a dedicated line and corresponds to the user information transmitted from the server of the credit company. The card number information A is received via the leased line.

Next, in the server 300 of the service provider, based on the common key K1 previously stored in the common key K1 storage unit 304 and the PIN code P in the user information storage DB 301, the second common key generation unit At 306, the common key K2 is generated. The PIN code P corresponds to an example of the first personal identification code recited in the claims.

The first calculation unit 305 generates new data A1 based on the card number information A and the PIN code P. The data A1 corresponds to an example of additional information described in the claims. It goes without saying that various methods can be adopted for this calculation as long as it is a reversible calculation. The encryption unit 307 encrypts the data A1 using the common key K2 to generate encrypted data A2. The common key K2 corresponds to an example of second common key information described in the claims. The encrypted data A2 corresponds to an example of encrypted information described in the claims. The barcode generation unit 308 converts the generated encrypted data A2 into a two-dimensional barcode,
Two-dimensional data A3 is generated and transmitted to the mobile phone 400 via the transmission / reception unit 309.

When the transmission / reception unit 401 receives the two-dimensional data A3, the mobile phone 400 receives the two-dimensional data storage unit 4
The two-dimensional data A3 is stored in 04. Then, the control unit 406 reads the two-dimensional data A3 and displays the two-dimensional data display screen on the two-dimensional data display unit 405. Here, the two-dimensional data display screen is, for example, as shown in FIG. 4C above, but is not limited to this.

Thus, when the user visits a member store such as a store and presents the mobile phone 400 at the member store, the two-dimensional data reading unit 501 of the two-dimensional information reading device 500 of the member store causes the two-dimensional data reading unit 501 of The two-dimensional data A3 displayed on the dimensional data display unit 405 is read. Two
The dimensional data analysis unit 502 converts this two-dimensional data A3 into encrypted data A2. Second common key generation unit 506
Generates a common key K2 ′ based on the PIN code P ′ input by the PIN input unit 505 and the common key K1 stored in the common key storage unit 504. This PI
The N code P'corresponds to an example of the second personal identification code recited in the claims. Further, the common key K2 'is the third key in the claims.
It corresponds to an example of a secret code. Here, the PIN input section 5
If the PIN code P'input from 05 is correct, P
= P ', K2 = K2'.

Next, the decryption unit 503 decrypts the encrypted data A2 into the data A1 'using the common key K2'.
Here, if the above P = P ', then A1' = A1.

Then, the inverse operation unit 507 inversely operates the data A1 'to separate and extract the card number information A and the PIN code P ". This PIN code P" is the third secret code in the claim. Corresponds to an example. Then, in the authentication unit 508, P ″ and P generated by a predetermined inverse calculation are
The P'input by the IN input unit 505 is compared, and if they match, the card number information A is read and the reading device 6 is read.
00 will be transmitted. The information reading unit 601
Transmits the card number information A to the server 700 of the credit sales company via the transmission / reception unit 602.

In the server 700, the transmitting / receiving unit 702 receives the card number information A, and the billing processing unit 701 performs a predetermined billing process. A publicly known technique can be adopted for this charging process. This is the end of the series of processes.

In the information processing system and method according to the fourth embodiment described above, a new common key K2 'is generated by using the PIN code P'as a part of the common key K1 and decrypted by the common key K2'. Since the configuration is changed, higher security can be realized as compared with the conventional method.
Furthermore, since there is no time information element, the bar code information can be used even if it is stored in the portable terminal 400. That is, a situation can be created in which the mobile phone 400 can be used even when it is out of service. In this case, since it is not necessary to communicate with the server 300 every time it is used, the communication cost is reduced.

In the fourth embodiment, the intermediate operation result during the encryption / decryption process is temporarily stored in a volatile memory (not shown) for a minimum period, and the operation is completed. After that, it is quickly erased. Further, the common key K1 is stored in a decoder unit (not shown) such that the storage area of the common key K1 cannot be found even if the decoder unit is stolen or the like and the memory is analyzed. Further, the input from the PIN input unit 505 is not accepted when the input is performed at a speed higher than a normal operation performed by a human, thereby preventing unauthorized access. Further, when PIN code input errors occur a predetermined number of times or more in succession, the input is not accepted for a predetermined period to prevent fraud.

Next, a fifth embodiment of the present invention will be described.

13 and 14 show the configuration of an information processing system according to the fifth embodiment of the present invention, which will be described. Here, the same components as those of the fourth embodiment described above are denoted by the same reference numerals, common configurations and actions are not described repeatedly, and characteristic portions are mainly described.
As shown in FIG. 13, the server 350 has a configuration in which the time information generation unit 310 is incorporated, which is a difference in configuration from the server 300 of FIG. 11. Further, as shown in FIG. 14, the two-dimensional information reading device 550 includes an authentication unit 508.
In place of the authentication and time information determination unit 509, there is a difference in configuration from the two-dimensional information reading device 500 of FIG.

Hereinafter, the characteristic operation of the information processing system according to the fifth embodiment will be described in detail with reference to FIGS. 13 and 14.

In the fifth embodiment, the fourth point is as follows.
Different from the embodiment.

That is, in FIG. 13, in the server 350 of the service provider, the common key K1 and the user information storage DB 301 stored in advance in the common key K1 storage unit 304.
The second common key generation unit 306 generates the common key K2 based on the PIN code P in the above. Then, the first calculation unit 305 generates new data A1 based on the card number information A, the PIN code P, and the time information T generated by the time information generation unit 310. This time information T is
This corresponds to an example of the first time information described in the claims. As described above, the point that the data A1 is generated by including the time information T generated by the time information generation unit 310 is different from the fifth embodiment. The encryption unit 307 encrypts the data A1 using the common key K2 to generate encrypted data A2. In the barcode generation unit 308, the generated encrypted data A2 is converted into a two-dimensional barcode and the two-dimensional data A2 is generated.
3 is generated, and the mobile phone 4 is generated via the transmission / reception unit 309.
To 00. The subsequent steps are the same as those in the fourth embodiment.

On the other hand, in FIG. 14, the inverse operation unit 507 inversely operates the data A1 to obtain the card number information A and P.
The IN code P and the time information T ′ are separated and extracted. This time information T'corresponds to the second time information described in the claims. P
= P ', then T = T'. Then, the authentication and time information determination unit 509 compares P ″ generated by a predetermined inverse calculation with P ′ input by the PIN input unit 505 to determine whether or not they match. The time information T '(P = P'
If so, the validity of the information is determined based on T ′ = T).

That is, in the information processing system and method according to the fifth embodiment, the authentication and time information determination unit 5
Regarding the time information determination, 09 determines that the information is valid if the decoding timing (time) by the decoding unit 503 precedes the time related to the time information T ′ (= T). Alternatively, the timing of determination by the authentication and time information determination unit 509, that is, the current time is the time information T '(=
If T) has not passed, it is determined that the information is valid.

However, the judgment method is not limited to this.

As described above, in the fifth embodiment, for example, by setting the extracted time information T as the expiration date or update expiration date of this service, higher security than the conventional method can be realized. . That is, if the legitimate PIN code is entered, it is possible to check the expiration date of the service without inquiring to the center, and it is possible to effectively prevent illegal use. Also,
Even if the mobile phone 400 is lost and the PIN code is found by setting the time information T to be embedded in the two-dimensional barcode to a few minutes after the two-dimensional code generation time (for example, 10 minutes later), Since it becomes impossible to read the two-dimensional barcode with the passage of time, higher security can be realized.

Of course, the present invention also includes the following contents.

That is, first, at least the server (30
0) and the information reading device (500) are communicatively connected to each other, in the information processing system, the server (300) is
A storage unit (301) that stores user information, secret information, and a secret code, and secret information corresponding to the user information from the mobile terminal and the first secret code are read from the storage unit, and stored as the secret information. First with the first PIN code added
A calculation means (305) for generating additional information, and a second common key information generation means (306) for generating second common key information based on the previously stored first common key information and the first personal identification code. And an encryption means (30) for generating the encrypted information by encrypting the first additional information with the second common key information.
7) and a transmitting / receiving means (309) for transmitting the encrypted information to the mobile phone (400), and the information reading device (500) receives the second secret code input. Means (505), and third common key information generation means (506) for generating third common key information based on the second secret code and the first common key information stored in advance.
And the cryptographic information from the portable terminal (400), the third
A decryption unit (503) unit that decrypts the second additional information by decrypting the common key information, and an inverse operation unit (5) that inversely operates the second additional information and separates it into secret information and a third secret code.
07) and an authentication means (508) for comparing the third secret code with the second secret code and judging that the confidential information is valid when the two match. A characteristic information processing system.

Second, in the information processing system in which at least the server (350) and the information reading device (550) are communicably connected, the server (350) stores user information, secret information, and a secret code. Memory means (3
01), the secret information corresponding to the user information from the mobile terminal, and the first secret code are read from the storage means,
Based on the computing means (305) for adding the first secret code and the first time information to the secret information to generate the first additional information, the previously stored first common key information and the first secret code. Second common key information generation means (306) for generating second common key information, and an encryption means (307) for encrypting the first additional information with this second common key information to generate encrypted information, This encrypted information is sent to the mobile phone (40
0)) transmitting / receiving means (309), and the information reading device (550) includes second secret code input means (505) for accepting the input of the second secret code, and the second secret code. Third common key information generating means (506) for generating third common key information based on the first common key information stored in advance, and encryption information from the portable terminal (400), the third common key information. And a decoding means (503) for decoding the second additional information and an inverse operation means for inversely calculating the second additional information to separate the secret information, the third secret code and the second time information ( 507), the result of comparison between the third secret code and the second secret code, and the second time information, based on the second time information, authentication and time information determination means for determining whether or not the secret information is valid. (509),
An information processing system, comprising:

In the second aspect, as an example, the authentication and time information determination means (509) determines that the third authentication code and the second authentication code match, and the second time information indicates the current time. If it does not exceed the above, the confidential information is judged to be valid.

Although the embodiment of the present invention has been described above, the present invention is not limited to this, and it goes without saying that various improvements and changes can be made without departing from the spirit of the present invention. For example, in the first to fifth embodiments described above, it is premised that the public key method is adopted as the encryption method, but either the encryption key or the decryption key may be disclosed. More specifically, it is possible to employ various methods such as RSA encryption, Elgamal encryption, elliptic curve encryption and the like. Furthermore, in the first, second, and fifth embodiments, the time information T is added, but the added information is not limited to the time information T and is suitable for improving security. If so, it goes without saying that various types can be adopted. In addition, the above first to fifth
In the embodiment, the card number information is to be encrypted,
Although it has been the object of the dimensional data conversion, it is needless to say that the invention is not limited to these and can be applied to various kinds of information that is “secret information” that requires high confidentiality.

[0160]

As described above in detail, according to the present invention, the security is improved by realizing an effective unauthorized use preventing function with a simple structure without largely changing the existing system. , Users can use their mobile phones as substitutes for cards at stores, etc.,
It is possible to provide an information processing system and an information processing method that improve the convenience of the user and further the confidentiality of the personal information of the user.

[Brief description of drawings]

FIG. 1A is a diagram showing a relationship between a mobile phone 1, a server 2 of a service provider, and a server 3 of a credit sales company in an information processing system according to an embodiment of the present invention,
(B) is a diagram showing the relationship between the mobile phone 1, the information reading device 8 of the member store, and the server 3 of a credit sales company in the information processing system according to the embodiment of the present invention.

FIG. 2 is a block diagram showing a configuration of an information processing system according to the first embodiment of the present invention.

FIG. 3 is a flowchart for explaining a flow of processing by the information processing system according to the first embodiment of the present invention together with a data flow.

FIG. 4A shows a state of a PW input screen 100,
(B) shows a state of the card selection screen 101, and (c) is a diagram showing a state of the two-dimensional data display screen 102.

FIG. 5 is a diagram showing stored contents of a user information storage DB 18.

FIG. 6 is a diagram for explaining customization of a card selection screen 101.

FIG. 7 is a block diagram showing a configuration of an information processing system according to a second embodiment of the present invention.

FIG. 8 is a flowchart for explaining the flow of processing by the information processing system according to the second embodiment of the present invention together with the data flow.

FIG. 9 is a flowchart for explaining the flow of processing by the information processing system according to the third embodiment of the present invention together with the data flow.

FIG. 10 is a diagram showing a configuration of an information processing system according to a conventional technique.

FIG. 11 shows and describes a configuration of an information processing system according to a fourth embodiment of the present invention.

FIG. 12 shows and describes a configuration of an information processing system according to a fifth embodiment of the present invention.

FIG. 13 shows and describes a configuration of an information processing system according to a fifth embodiment of the present invention.

FIG. 14 shows and describes a configuration of an information processing system according to a fifth embodiment of the present invention.

[Explanation of symbols]

1 mobile phone 2 servers 3 servers 4 network 5 dedicated line 6 Bar code reader 7 converter 8 information reader 9 Wireless communication section 10 dedicated line 11 ID / PW input section 12 Service selection section 13 Two-dimensional data storage 14 Two-dimensional data display 15 Control unit 16 Transmitter / receiver 17 Transmitter / receiver 18 User information storage DB 19 Control unit 20 Authentication Department 21 Service selection section 22 hours information addition section 23 Encryption Department 24 Two-dimensional data conversion part 25 Two-dimensional data storage 26 Two-dimensional data reader 27 Two-dimensional data analysis unit 28 Decoding unit 29 hour information judging section 30 Information reading unit 31 Transmitter / receiver 32 Transmitter / receiver 33 Charge processing unit 40 data storage 41 Short-distance data communication unit 42 Short-distance data communication instruction section 43 Short-distance data communication unit 51 mobile phones 52 servers 53 wireless communication device 54 two-dimensional information reader

─────────────────────────────────────────────────── ─── Continuation of front page (51) Int.Cl. ⁷ identification code FI H04L 9/00 601C (58) Fields investigated (Int.Cl. ⁷ , DB name) G06F 17/60 G07F 7/10 G07G 1 / 12 H04L 9/32

Claims (8)

(57) [Claims] 1. Receiving user information from a mobile terminal, performing reversible operation with secret information corresponding to the user information and a first secret code to generate additional information, which is stored in advance. A second common key is generated based on the first common key information and the first secret code, the additional information is encrypted by the second common key to generate cryptographic information, and the cryptographic information is transmitted to the mobile terminal. The server for replying and the input of the second personal identification code are received, the third common key information is generated based on the second personal identification code and the first common key information stored in advance, and the cryptographic information from the mobile terminal is stored. When the encrypted information is received, decrypted by the third common key, further separated by the inverse operation into secret information and a third secret code, and the third secret code and the second secret code match. It is determined that the confidential information is valid and The information processing system characterized by comprising processing the information reading device performs a. 2. The user information is received from the portable terminal, and the additional information is generated by performing a reversible operation on the secret information corresponding to the user information, the first password and the first time information. , A second common key is generated based on the first common key information and the first secret code stored in advance, the additional information is encrypted by the second common key to generate cryptographic information, and the cryptographic information is generated. And a second password input by the server, which generates third common key information based on the second secret code and the first common key information stored in advance, and the mobile terminal Receiving the cryptographic information from the third secret key, decrypting the cryptographic information with the third common key, and further separating the secret information into the secret information, the third secret code, and the second time information. 2 Comparison result with PIN code and the second time information Based on the information processing system to determine the validity of the confidential information, characterized by having a information reading device performs a predetermined process if the confidential information is determined to be valid. 3. The information reading device further includes a reading unit that optically reads a display based on the encrypted information of the mobile phone, and obtains the encrypted information stored in the mobile phone by the optical reading by the reading unit. The information processing system according to claim 1, further comprising: 4. The information reading device further comprises a wireless communication unit for wirelessly communicating with the mobile phone, and obtains the cryptographic information stored in the mobile phone by wireless communication by the wireless communication unit. The information processing system according to claim 1 or 2. 5. An information processing method according to an information processing system having at least a server and an information reading device, wherein the server receives user information from a mobile terminal , and secret information corresponding to the user information and a first secret code. The code is used to perform a reversible operation to generate additional information, the second common key is generated based on the first common key information stored in advance and the first secret code, and the second common key is used. It encrypts the additional information to generate the encryption information, a first of the encryption information to reply to the mobile terminal, information reading apparatus, receives the second personal identification code, which is prestored with the second personal identification code The third common key information is generated based on the common key information, the cryptographic information from the mobile terminal is received, the cryptographic information is decrypted by the third common key, and the secret information and the third secret code are obtained by inverse calculation. Separated from code An information processing method in a case where the said third security code and the second personal identification codes match, it is determined that the confidential information is valid, performs predetermined processing, characterized in that. 6. An information processing method using an information processing system having at least a server and an information reading device, wherein the server receives user information from a mobile terminal , and secret information corresponding to the user information and a first secret code. The code and the first time information are used to perform a reversible calculation to generate additional information, and the second common key is generated based on the first common key information and the first secret code stored in advance. the second common key to generate the encrypted information by encrypting the additional information, the encryption information to reply to the mobile terminal, information reading apparatus, receives the second security code, in advance with the second personal identification code The third common key information is generated based on the accumulated first common key information, the cryptographic information from the mobile terminal is received, the cryptographic information is decrypted by the third common key, and further the concealment is performed by the inverse operation. Information and third The secret code is separated into the secret code and the second time information, and the validity of the secret information is judged based on the comparison result of the third secret code and the second secret code and the second time information, and the secret code is stored. An information processing method, characterized in that predetermined processing is performed when the information is determined to be valid. 7. The reading means of the information reading device further comprises a step of optically reading the display of the mobile phone to obtain the encrypted information stored in the mobile phone. The information processing method according to any one. 8. The method according to claim 5, further comprising the step of obtaining the encrypted information stored in the mobile phone by wirelessly communicating with the mobile phone by the wireless communication means of the information reading device. Information processing method described in Crab.