JP4008468B2 - Product purchase linked identification system - Google Patents

Description

  The present invention relates to an identification system, and more particularly to an identification system using a mobile communication device.

  Traditionally, ID cards are usually printed materials such as paper. If you do not carry your ID card with you when you need it, you will not be able to present it. There was inconvenience such as not being able to receive. On the other hand, paying attention to the fact that mobile phones and the like are often carried, identification means using mobile communication devices such as mobile phones have been proposed (for example, Patent Documents 1 and 2). ).

  In addition, if the ID card is just a printed matter, the person who received the ID card reads the contents and confirms the ID card. It was necessary to manually enter information such as name and membership number into the system. As a means for solving this problem, a system in which an IC chip is incorporated in a card-type identification card that is a printed matter, and electrical identification can be performed, for example, a function of a card-type identification card that performs attendance management is expanded. Has been provided (for example, Non-Patent Document 1).

JP 2003-330889 A JP 2004-295507 A Ayano Yoshioka, “ITmedia Business Mobile”, [online], July 2, 2005, IT Media Inc., [searched November 1, 2005], Internet <URL: http://www.itmedia.co .jp / enterprise / mobile / articles / 0507/02 / news015.html # l_ay_sp02.jpg>

  However, in the identification means using the above-described mobile communication device, when identification is requested, the mobile communication device must access and confirm the identification information stored in the server each time. Therefore, for example, if the mobile communication device is a mobile phone and wireless radio communication cannot be performed because radio waves do not reach underground, etc., identification cannot be performed. There were drawbacks.

  In addition, in the system using the above-described card type identification card with an IC chip built-in, the identification card is just a card as in the prior art, so the function linked to the identification card, For example, there is a drawback that it is impossible to realize a function such as reading personal user information from a server and viewing it on the premise of identification. In the case of conventional paper or card-type IDs, student IDs, student IDs, faculty / staff IDs, employee IDs, membership IDs, etc. are issued separately for each issuer. There was a disadvantage that multiple certificates had to be carried.

  In addition, there is no system that automatically checks the status of students, employees, and the like using the mobile communication device 101, thereby managing attendance, attendance, etc. In addition, in a system in which service points are issued according to the purchase of a product if it is a specific service point member, a system for automatically issuing service points by automatically confirming the identity of service point members. Did not exist. In addition, there is no system that realizes a service that automatically confirms the membership status and automatically discounts the purchase price.

  The present invention has been made in view of the above problems, and is an identification system using a mobile communication device, and even when a wireless data communication means cannot be used, an image of a certificate is displayed. In addition, it is possible to visually and electronically verify the identity by outputting certificate information, and on the premise of identification, it is possible to view personal user information such as entrance / exit information and attendance information, It is an object of the present invention to provide a system having multiple functions such as automatically issuing service points according to purchases of members and automatically discounting members.

The present invention has the following features to solve the above problems.
According to one aspect of the present invention, a server is connected to the server by a wireless communication unit and a data communication unit via a network and outputs information as a certificate that each user has a predetermined identity. An identification system comprising a communication device, wherein the server should be certificate information that identifies the user and the user has the predetermined identity, the expiration date of the predetermined identity, and invalidity The certificate information management server that stores the revocation information indicating that the certificate information is revoked in association with each user, and the information related to the certificate information. An application download for causing the mobile communication device to download an application to be output from the mobile communication device via the network A load server, wherein the mobile communication device includes a display screen for displaying information, a processor means for operating the application, a non-volatile memory means for storing data relating to the application, and the application as wireless data. Application download means for downloading from the application download server via a network and storing it in the nonvolatile memory means, and the application operating on the processor means, whereby the certificate information and the expiration date are Certificate information acquisition means acquired from a certificate information management server and stored in the nonvolatile memory means, and the application associated with the user is operated by the processor means. Confirmation information is present in the certificate information management server, and if the existence of the invalidation information is confirmed, information indicating that the certificate information is invalid is stored in the nonvolatile memory means. The invalidation information acquisition means to be stored and the application operates on the processor means to receive the certificate display request from the outside, and the expiration date has not expired according to the display request, If the presence of the invalidation information is not confirmed, the certificate information is read from the non-volatile memory means on the condition that the user is identified by the certificate information as having the predetermined identity. And generating a certificate image including information identifying the user based on the information and a display indicating that the user has the predetermined identity, and displaying the certificate image on the display screen. And a certificate image display means.

  According to the present invention, the mobile communication device transmits and receives data relating to information stored in the nonvolatile memory means to and from an external terminal from the external terminal through the non-contact data communication means. The certificate information output request is received, and in response to the output request, the certificate information stored in the nonvolatile memory means is read, and if the expiration date has not expired, the valid certificate Certificate information output means for outputting information to the external terminal through the contactless data communication means can be further included.

  According to the present invention, the nonvolatile memory means includes a write protection nonvolatile memory means that requires a correct write key when writing data, and the identification system stores the correct write key of the write protection nonvolatile memory means. A write management server for transmitting a data write command with the correct write key to the data write request source via the network in response to a data write request to the write protected nonvolatile memory means received via the network. The certificate information acquisition unit stores the certificate information and the expiration date acquired from the certificate information management server in the write protection nonvolatile memory unit if the existence of the invalidation information is not confirmed. Write data with the correct write key for The certificate information is sent to the write protection nonvolatile memory means by sending a request to send the command from the write management server to the write protection nonvolatile memory means via the network. And the invalidation information acquisition means is configured to store information indicating that the certificate information is invalid in the write-protected nonvolatile memory if the existence of the invalidation information is confirmed. The certificate becomes invalid by sending a request to send the data write command with the correct write key from the write management server to the write protection nonvolatile memory means via the network to the write management server. The information indicating that the write protection is nonvolatile It can be configured to be one which is stored in the memory means

  In the present invention, there are a plurality of certificate information management servers, and each of the plurality of certificate information management servers is a certificate that identifies the user as a person having one of a plurality of types of predetermined status. Certificate information, the expiration date of the predetermined identity, and the certificate information that is supposed to be invalidated is stored invalidation information indicating that the certificate information is invalidated. The protection nonvolatile memory means stores the certificate information of one type of certificate, and the certificate information acquisition means stores the certificate information and the expiration date in the write protection nonvolatile memory means. When the certificate information and the expiration date of another type of certificate have already been stored at the time of storage, the certificate information and the expiration date can be deleted first.

  In the present invention, there are a plurality of the certificate information management servers, and each of the plurality of certificate information management servers is included in a plurality of types of predetermined statuses that are classified into any of a plurality of fields. The certificate information that identifies the user as a person having one identity, the expiration date of the predetermined identity, and the certificate information that is supposed to be invalidated is to invalidate the certificate information. Revocation information representing, wherein the write protection nonvolatile memory means has one write area with a different write key for each of the fields into which the certificate is classified, The certificate information management server stores a correct write key for each field of the certificate information, and the certificate information acquisition unit includes the certificate information and the certificate information. When the expiration date is stored in the write-protected nonvolatile memory means, if the certificate information and the expiration date of another type of certificate in the same field are already stored, the certificate information is deleted first. It can be configured as follows.

  In the present invention, the certificate information management server receives an input of an invalidation request for a certain type of certificate information for a certain user, and generates invalidation information in response to the invalidation request, Accepting an input of a validation request for a certain type of certificate information for a certain user, and accepting an validation request for deleting the invalidation information when the invalidation information exists in response to the validation request And means.

  The present invention confirms whether or not the revocation information exists in the certificate information management server by operating the application on the processor means, and if the existence of the revocation information is not confirmed, If the information indicating that the certificate information is invalid is already stored in the non-volatile memory means, it can be configured to further comprise an enabling means for erasing the information.

  The certificate information management server includes hardware identification information acquisition means for acquiring hardware identification information for uniquely identifying hardware of a mobile communication device during wireless data communication with the mobile communication device, The hardware identification information of the mobile communication device used by the user is further stored in association with the user, and the hardware communication information is used to identify the mobile communication device that obtains the certificate information and the expiration date. Can be configured.

  According to the present invention, the certificate information management server sends the revocation information acquisition unit of the mobile communication device having hardware identification information other than the hardware identification information stored in association with a certain user to the same user. When it is confirmed whether or not invalidation information stored in association is present, it can be configured to notify the mobile communication device that invalidation information is present.

  In the present invention, the certificate information management server sends the certificate information acquisition means of the mobile communication device having hardware identification information other than the hardware identification information stored in association with a certain user to the same user. When the certificate information stored in association with the expiration date is acquired, the hardware identification information other than the hardware identification information stored in association with the user is stored as the hardware identification information to be stored. Can be configured to change to

  In the present invention, the mobile communication device may be a mobile phone further provided with voice communication means, and the hardware identification information may be a telephone number of the mobile phone.

  In the present invention, the certificate information management server sets an access key for confirming that the user is valid before causing the mobile communication device to acquire the certificate information and the expiration date. The access key acquisition means for acquiring the set access key via the network, further storing the acquired access key in association with the user, and the invalidation information acquisition means The access key is transmitted to the certificate information management server when checking whether the certificate information exists in the certificate information management server, and the certificate information management server receives the revocation information from the revocation information acquisition unit. The access key transmitted when confirming whether the revocation information exists in the certificate information management server is stored in association with the user. And if different access key may be configured to generate the invalidation information for the certificate information.

  In the present invention, when the revocation information acquisition unit confirms whether or not the revocation information exists in the certificate information management server, the access key transmitted to the certificate information management server is the user Can be configured to be input to the mobile communication device.

  In the present invention, when the revocation information acquisition unit confirms whether or not the revocation information exists in the certificate information management server, the access key transmitted to the certificate information management server is temporarily Whether or not the invalidation information obtained by the invalidation information acquisition means from the next time is stored in the certificate information management server when it is input to the mobile communication device by the user. In the confirmation, the stored access key can be transmitted to the certificate information management server.

  In the present invention, when the revocation information acquisition unit after the next time checks whether the revocation information exists in the certificate information management server, the access key is moved by the user last time. When a predetermined period has elapsed since being input to the communication device, the access key is requested to be input again to the mobile communication device, and the correct access key is confirmed to be input again it can.

  The present invention is configured such that the confirmation as to whether or not the revocation information is present in the certificate information management server by the revocation information acquisition unit is performed at least for each primary period that is a predetermined period. it can.

  According to the present invention, it is possible to check whether the revocation information for each primary period by the revocation information acquisition unit exists in the certificate information management server by the application unit operating on the processor unit. If the data communication state fails continuously one or more times, the period after the previous confirmation of whether the revocation information exists in the certificate information management server is greater than the primary period. Judgment whether or not the secondary period, which is a long predetermined period, is exceeded, and if it exceeds, the secondary period exceeding the information indicating that the certificate information is invalid is stored in the nonvolatile memory means It may be configured to further include invalidation means.

  In the present invention, the certificate image display means may be configured to display the certificate image after combining characters representing a specific date or time.

  In the present invention, when the certificate image display means is displaying an image of the certificate, an enlarged display, a reverse display is performed on the image according to a predetermined request input from the user. It can be configured to perform at least one of various image processing including blink, luminance change, hue change, saturation change, and character composition.

  In the present invention, the server further includes a user information management server that stores an entry time of the user at a predetermined facility, and the external terminal is installed on an entrance route of the predetermined facility, The system transmits an output request for the certificate information to the certificate information output means through the contactless data communication means for confirmation of entry of the user at the predetermined facility connected to the external terminal. Received the certificate information from the certificate information output means, and accordingly received the certificate information on the condition that the user is identified by the certificate information as having the predetermined identity. Admission time to transmit the time to the user information management server via the network for storing the admission time of the user at the predetermined facility Transmitting means can be configured to further have a.

  In the present invention, the user information management server further stores an exit time corresponding to the entrance time in the predetermined facility of the user, and the external terminal is installed on an exit route of the predetermined facility, The identification system sends an output request for the certificate information to the certificate information output means through the contactless data communication means for confirming that the user leaves the predetermined facility connected to the external terminal. The certificate information is received on the condition that the certificate information is received from the certificate information output means by transmission, and that the certificate information identifies that the user has the predetermined identity. Is sent to the user information management server via the network for storing the exit time of the user at the predetermined facility. Out time transmitting means can be configured to further have a.

  According to the present invention, the user is a student including a student, and the user information management server further includes class schedule information including a class section name, a class name, and a class date and time selected by each user. It can be configured to store the corresponding class timetable information to the mobile communication device in response to the user's request for class timetable confirmation from the mobile communication device.

  In the present invention, the predetermined facility is a classroom, and when the user information management server receives an entrance time in the classroom of the user, the user information management server compares the received entrance time in the classroom with the name of the opened classroom and the opening date and time. If the classroom corresponds to the name of the classroom and the entrance time corresponds to the date and time of the course, it is determined that the user has attended the corresponding lesson section, and accordingly The attendance information representing can be further stored in association with the class timetable information.

  In the present invention, the user information management server can be configured to transmit the corresponding attendance information to the mobile communication device in response to a request for confirmation of class attendance status from the mobile communication device of the user.

  In the present invention, the user information management server further stores results information representing the results of the user, and in response to a request for confirmation of results from the mobile communication device of the user, the corresponding information on the results of the mobile communication It can be configured to transmit to the device.

  The present invention can be configured such that the certificate is a student card or student certificate.

  In the present invention, the certificate may be configured to be a faculty / staff ID or an employee ID issued by an organization including a school or a company and indicating that the user is employed by the organization.

  In the present invention, the certificate may be configured such that the certificate is a membership card issued by an organizer of a membership-based organization and indicating that the user is registered as a member in the organization.

  In the present invention, the certificate information management server exists in accordance with each of a plurality of types of predetermined statuses, and at least one of the certificate information management servers manages the entry time of the user at the predetermined facility. The certificate information managed by the certificate information management server is transmitted to at least one other certificate information management server that cooperates, and the at least one other certificate information management server transmits the certificate information management server to the at least one certificate information management server. The certificate information received from the server can be stored.

  The present invention according to another aspect further includes a service point issuing terminal for issuing a service point in response to purchase of a product of the user having the predetermined status in a commercial facility, and the server is configured to issue the service point A service point management server connected to a terminal and storing a service point of the user, wherein the service point issuing terminal transmits the certificate information from the certificate information output unit through the contactless data communication unit and the external terminal. The certificate information receiving means for receiving the product, the product price acquiring means for acquiring the price of the product according to the user's product purchase at the commercial facility, and the user by the certificate information received by the certificate information receiving means On the condition that the product has been identified as having the predetermined identity. Service point issuance means for issuing a service point according to the price of the product acquired by the means, and transmitting it to the service point management server for addition of the service point. .

  According to another aspect of the present invention, there is provided an electronic money payment terminal connected to the external terminal for performing payment processing with electronic money using the price as electronic money payment amount according to the user's purchase of goods at a commercial facility, A service point issuing terminal connected to an external terminal for issuing a service point in response to purchase of a product of the user having the predetermined status at the commercial facility, and the write protection nonvolatile memory means An electronic money financial institution server that manages balance information of a financial institution account possessed by the electronic money issuer, and further stores balance information of the electronic money therein, Electronic money management that is connected to an electronic money payment terminal and the electronic money financial institution server and performs settlement processing of electronic money And a service point management server connected to the service point issuing terminal and storing the service point of the user, wherein the electronic money payment terminal is a product according to the user's product purchase at the commercial facility Product price input means for accepting the input of the price, and storing a correct write key of the balance information writing area of the write protection nonvolatile memory means, according to the price of the product input to the product price input means, A balance withdrawal command for changing the balance information of the electronic money with the correct write key to a value obtained by subtracting the electronic money payment amount corresponding to the price of the product through the external terminal and the contactless data communication means. Electronic money payment processing means to be transmitted to the mobile communication device, and the electronic money management server, Electronic money payment amount notification means for notifying that payment of the electronic money payment amount by electronic money has been performed, wherein the service point issuing terminal is a price of a product according to a user's product purchase at the commercial facility Received by the certificate information receiving means, the certificate information receiving means for receiving the certificate information from the certificate information output means through the contactless data communication means and the external terminal, and the certificate information receiving means. On the condition that the certificate information identifies that the user has the predetermined identity, a service point is issued according to the price of the product acquired by the product price acquisition means, Service point issuing means for transmitting to the service point management server for addition of the service point, and The electronic money management server receives the electronic money issuance balance management means for storing the issued balance of each issued electronic money, and the electronic money payment amount notified from the electronic money payment amount notification means. Financial institution possessed by the issuer of electronic money with respect to the electronic money financial institution server by subtracting the electronic money payment amount from the issued balance stored in the electronic money issuance balance management means Electronic money settlement processing requesting means for transmitting a request to transfer the electronic money payment amount from an account to a financial institution account of the commercial facility.

  The present invention further includes a service point financial institution server that manages balance information of a financial institution account held by the service point issuing entity, and the service point management server provides a current request according to a request from the user. Request to write balance information into the write-protected non-volatile memory means such that a balance obtained by adding a reduction amount obtained by converting a part or all of the service points of the user at a predetermined rate to the balance information of the electronic money A request for the write management server to send to the mobile communication device over the network, along with a decrease in the user's service point accordingly, and with it For the service point financial institution server, the service point The request of the reduced amount of money transfer money that the financial institution account from a financial institution account with the issuer of the electronic money possessed by the issuer of the cement can be configured to send.

  The present invention according to another aspect further includes an electronic money payment terminal that is connected to the external terminal and performs payment processing with electronic money using the price as electronic money payment amount according to the user's purchase of goods at a commercial facility. The write protection nonvolatile memory means includes a balance information writing area, further storing the balance information of the electronic money therein, and the server manages balance information of a financial institution account possessed by the issuer of the electronic money An electronic money financial institution server, and an electronic money management server that is connected to the electronic money payment terminal and the electronic money financial institution server and performs electronic money settlement processing. Product price input means for accepting the input of the price of the product according to the user's product purchase at the facility; The correct writing key of the balance information writing area of the origin memory means is stored, and the balance information of the electronic money with the correct writing key is stored in accordance with the price of the product input to the product price input means. An electronic money payment processing means for transmitting a balance withdrawal command for changing an electronic money payment amount corresponding to a price of a product to a value withdrawn to the mobile communication device through the external terminal and the contactless data communication means; and the electronic Electronic money payment amount notification means for notifying the money management server that payment of the electronic money payment amount by electronic money has been performed, and the electronic money management server includes each of the issued electronic money Electronic money issue balance management means for storing the issue balance of the electronic money and the electronic money notified from the electronic money payment amount notification means The electronic money payment amount is subtracted from the issue balance of the electronic money that has been paid and stored in the electronic money issue balance management means, and the electronic money financial institution server receives the electronic money payment amount. An electronic money payment processing requesting means for transmitting a request for transferring the electronic money payment amount from a financial institution account held by a money issuing entity to a financial institution account held by the commercial facility, and payment at the electronic money payment terminal The price of the product to be processed is determined by the user according to the certificate information received by receiving the certificate information from the certificate information output unit through the contactless data communication unit and the external terminal. A predetermined discount is applied on the condition that it is identified that the

  In the above-described invention, terms such as a server are not intended to limit a specific form or specific name of the device, but to represent a device having the general functions. The function of one component may be realized by two or more components, and the function of two or more components may be realized by one component. The invention of the system can also be grasped as an invention of a method in which the functions of each component are sequentially executed. In that case, each component is not limited to what is performed in the order described, but can be performed in any order as long as the overall function can be performed consistently. Moreover, the function which one step has may be implement | achieved by two or more steps, and the function which two or more steps have may be implement | achieved by one step. These inventions are established as a program for causing hardware to function in order to implement the functions of the present invention in predetermined hardware, and also as a recording medium on which the program is recorded. The present invention can also be realized as a computer data signal embodied on a carrier wave and having a program code.

  According to the present invention, a mobile communication device that outputs information as a certificate indicating that each user has a predetermined identity, a certificate information management server, a certificate information management server, a certificate information, an expiration date, and invalidation information. A server that downloads the certificate application, downloads the application and stores it in the non-volatile memory means, and operates to acquire and store the certificate information and the expiration date, and there is invalidation information. If the certificate is invalidated, an image of the certificate including an indication that the user has a predetermined identity if the expiration date has not expired and there is no invalidation information in response to the display request. To generate and display the certificate information so that the mobile communication device stores the certificate information regardless of the state of the wireless communication, thereby making it function as an identification device Can, and it can be reliably disabled if it should be disabled.

  In addition, since the certificate information is electronically output to the outside, it is possible to automatically execute a function based on identification. In addition, since the certificate information is stored in the write-protected nonvolatile memory, it is possible to prevent a malicious third party from forging the certificate information. In addition, in a configuration in which one write area is provided in the write protected nonvolatile memory, one of a plurality of types of identification can be selected and functioned by starting an application. In addition, in a configuration in which a plurality of write areas are provided in the write-protected non-volatile memory, a plurality of types of identification can be executed without starting the application by starting the application. In addition, the certificate information stored in the server can be invalidated by accepting invalidation requests for certain certificate information, or validated by accepting validation requests. Can be managed. In addition, since the certificate information of the mobile communication device can be validated when there is no invalidation information in the server, the validation after invalidation can be performed reliably and quickly. In addition, since the hardware identification information of the mobile communication device is acquired at the time of communication and the device used is authenticated by that, high security can be ensured. In addition, when there is an access from a mobile communication device that does not have registered hardware identification information, it is invalidated, so that high security can be ensured. In addition, when the used device is changed, the registered hardware identification information is changed to that of the used device, so that the used device can be fixed to one and high security can be secured. Since the mobile communication device can be a mobile phone that is almost always carried by the user, the user can always carry the identification device without forgetting it.

  In addition, since an access key that can be specified by the user is used for authentication, the user who uses the mobile communication device can be authenticated, and high security can be secured. In addition, since the access key can be input by the user at the time of authentication, the user can be reliably authenticated. In addition, since the mobile communication device stores the access key once input, and the next authentication can use the stored access key, the user inputs the access key every time authentication is required. Can be configured so that it is not necessary. In this case, since it can be configured that the user needs to re-enter the access key after a certain period of time, it is possible to improve the convenience of the user while ensuring security.

  In addition, since the confirmation of the presence or absence of invalidation information in the server is performed every primary period that is a predetermined period, the certificate information to be invalidated is invalidated within the primary period while keeping the communication fee low. And high security can be secured. In that case, if the verification of the invalidation information fails a plurality of times in succession, the certificate information is invalidated when the secondary period is exceeded, so that high security can be ensured.

  In addition, since the date and time for preventing duplication are combined and displayed on the certificate image, it is difficult to impersonate the certificate image by duplication. In addition, since the image processing is performed on the certificate image in accordance with the input from the user, it can be surely confirmed that the certificate image is displayed by the legitimate mobile communication device.

  In addition, a terminal that can accept certificate information from the mobile communication device is placed on the entrance route of the facility, and the time when the certificate information is entered from there is stored as the entrance time, so easy and reliable entrance management Can be implemented. In addition, a terminal that can accept certificate information from the mobile communication device is placed on the exit route of the facility, and the time when the certificate information is input is stored as the exit time, so it is easy and reliable Can be implemented.

  In addition, since the class timetable information including the class title, class name, and class date and time selected by the user can be stored in association with the user and viewed, the user's identification terminal You can check the timetable that is personal information. In addition, attendance information can be managed easily and reliably by associating admission time with attendance time. In this case, since the attendance information can be called by the mobile communication device, it is possible to check the attendance status, which is personal information of the user, on the user identification terminal. In that case, since the user's grade can be further memorized and viewed, the grade, which is personal information of the user, can be confirmed on the terminal for identifying the user. In addition, since the certificate can be used as a student ID card, a student ID card with many opportunities to be verified can be realized with a mobile communication device, and various functions are automatically executed in conjunction with the proof of student status. It becomes possible. In addition, since certificates can be used as faculty / staff cards, employee cards, and membership cards, those certificates that have many opportunities to be certified can be realized on mobile communication devices, and various functions are automatically linked to the certificate. Can be executed automatically. In addition, by linking the certificate information with a plurality of servers, for example, it is possible to use another company's identification card for managing attendance at the company.

  In addition, since service points can be automatically issued when identification is performed at the time of product purchase at a commercial facility, identification and service point issuance can be linked easily and reliably. In that case, since the goods can be purchased using electronic money stored in the same mobile communication device, identification, service point issuance, and electronic money payment processing can be linked easily and reliably. In that case, since service points can be returned to electronic money and reflected in the electronic money in the mobile communication device, identification and service point return can be linked easily and reliably. In addition, since payment is made with electronic money at a discount price when identification is performed at the time of purchase of goods at a commercial facility, identification, discount service, and electronic money payment processing can be linked easily and reliably.

  An identification system according to an embodiment of the present invention will now be described with reference to the drawings. 1, FIG. 2, FIG. 3, FIG. 4, FIG. 5 and FIG. 6 show the user information-linked identification system 100a according to the first embodiment of the present invention and the product purchase-linked type according to the second embodiment. It is a system configuration block diagram showing the configuration of the identification system 100b. The user information-linked identification system 100a is an embodiment based on a function of performing identification, and thereby manages user information such as entrance / exit management and attendance information. The product purchase interlocking type identification system 100b is an embodiment in which a point service or the like is provided when purchasing a product by performing identification.

  1, FIG. 2, FIG. 4, and FIG. 5 are system configuration diagrams of the user information-linked identification system 100a according to the first embodiment of the present invention, and FIG. 1, FIG. 3, FIG. FIG. 6 is a system configuration diagram of the product purchase interlocking identification system 100b according to the second embodiment of the present invention. The configurations shown in these drawings are connected to each other via a network 141 and an external terminal 142. FIG. 1 mainly relates to a configuration related to the mobile communication device 101, except for the writing area (1) 105a1, the writing area (2) 105a2, and the balance information writing area 105b. The structure of the common part of the purchase interlocking type identification system 100b is shown. 2 and 3 mainly relate to a configuration related to a device connected to the external terminal 142, FIG. 2 shows a configuration related to the user information-linked identification system 100a, and FIG. 3 shows a product purchase-linked identification. Each of the configurations related to the system 100b is a configuration of a non-common part. 4, 5, and 6 mainly relate to the configuration related to the server. FIG. 4 shows the configuration of the common parts of the user information-linked identification system 100a and the product purchase-linked identification system 100b. FIG. 5 shows the configuration of the non-common parts of the configuration related to the user information linked identification system 100a, and FIG. 6 shows the configuration related to the product purchase linked identification system 100b. The network 141 and the external terminal 142 are common to the user information-linked identification system 100a and the product purchase-linked identification system 100b. Hereinafter, the configuration of the common part and the non-common part of the user information-linked identification system 100a according to the first embodiment and the product purchase-linked type identification system 100b according to the second embodiment will be described. .

[Configuration of Common Part of First and Second Embodiments]
The user information-linked identification system 100a is largely divided into a mobile communication device 101, various terminals connected to the mobile communication device 101 via an external terminal 142, and various types connected to the mobile communication device 101 via a network 141. It consists of a server.

  First of all, what is proof of identity? Proof that the user has a predetermined identity can be given to a person who visually recognizes it by generating a certificate image and displaying it, and also confirming that the user has a predetermined identity. By outputting the data to be proved, it can be performed electronically to the device that received the data. Here, the user is a person who has an opportunity to prove that he has a predetermined identity. Specific users include, for example, students including students, employees of organizations including schools or companies, and members of membership organizations. Certificates in these cases are a student ID card or student ID card, a faculty / staff ID card or an employee ID card, and a membership card, respectively. The certificate information 152i1 is used as data that proves that the user has a predetermined identity. The certificate information 152i1 that is basic information of the certificate is information for identifying the user and that the user has a predetermined identity. Therefore, the certificate information 152i1 includes information that uniquely identifies the user and information that uniquely identifies the identity when there are a plurality of identities to be verified. In addition, since there is usually a period for which the identity is valid, an expiration date 152i2, which is information for determining the period for which the identity is valid, is provided for each type of identity of each user. used. Further, since the certificate information 152i1 is stored in the mobile communication device 101, when the mobile communication device 101 is lost or the like, the malicious third party who obtains the certificate information 152i1 illegally uses the mobile communication device 101. In order to prevent the identity from being spoofed, invalidation information 152i3 that invalidates the certificate information 152i1 of the mobile communication device 101 is used.

  The mobile communication device 101 is a portable terminal that acquires certificate information representing the identity of the user from the network, displays the certificate on the screen, and preferably outputs information related to the certificate. A mobile phone having a network connection function, a PDA having a network connection function, and the like. The mobile communication device 101 largely includes a processor means 102, a display screen 103, a non-volatile memory means 104, a data communication means 121, and a wireless communication means 123, and preferably a write protection non-volatile memory means 105, certificate information. It further includes at least one of output means 116, non-contact data communication means 122, and voice communication means 124.

  The processor means 102 is a component that performs predetermined information processing and control based on a program or the like, and specifically, is a form such as a CPU. The program is stored in a non-rewritable ROM, rewritable nonvolatile memory means 104, or the like. The ROM stores a basic program for causing the mobile communication device 101 to function as a cellular phone or PDA having a network connection function. The processor means 102 constitutes specific information processing means by operating a program such as the application 118 stored in the nonvolatile memory means 104 or the like. The display screen 103 is a screen for visually displaying information, and specifically has a form such as a liquid crystal display or an organic EL display. The nonvolatile memory means 104 is a component that stores and holds programs, information, and the like, and is specifically in the form of a flash memory or the like. In the nonvolatile memory means 104, an application 118 for realizing various means for causing the mobile communication apparatus to output information related to certificate information from an application download (D / L) server 153, which will be described later, on the mobile communication apparatus 101. Is downloaded and stored.

The write protection non-volatile memory means 105 is a component that stores and holds data such as programs and information that requires a data write command with a correct write key 154i to write information. The flash memory is controlled by a controller having a key 154i verification function and a write data encryption function. The write key 154i is preferably stored and managed in a write management server 154 managed by a trusted third party. In this case, in order to write predetermined data to the write protected nonvolatile memory means 105,
A data write command with a correct write key 154i for storing predetermined data in the write protection nonvolatile memory means 105 is sent from the write management server 154 to the write protection nonvolatile memory means 105 in the mobile communication device 101 via the network. It is necessary to transmit the request to be transmitted to the write management server 154 via the network. When the write protection nonvolatile memory means 105 receives a data write command with the correct write key 154i, it writes the write data included in the data write command to the write area. If data has already been written to the writing area, the data is preferably erased and then written (overwritten). The write protected non-volatile memory means 105 preferably has a plurality of write areas, each with a different correct write key 154i. In this embodiment, the write-protected nonvolatile memory means 105 includes a write area (1) 105a1 and a write area (2) 105a2 in the user information-linked identification system 100a according to the first embodiment. The merchandise purchase interlocking identification system 100b according to the embodiment includes a balance information writing area 105b. When there are a plurality of write areas, the data write command is accompanied by write area specifying data for specifying the write area, and in the write protection nonvolatile memory means 105b on the receiving side, the data write instruction is accompanied by the correct write key 154i. If it is determined that the data is present, the write data is written to the write area specified by the write area specifying data.
In the case where there are a plurality of write areas for the certificate information 152i1, it is preferable that each write area is classified according to the field of identity. The balance information stored in the balance information writing area 105b corresponds to the amount of electronic money. Electronic money is money represented by balance information that is electronic information stored in a nonvolatile memory, and writing of data to the nonvolatile memory is managed by an issuer of electronic money. When payment by electronic money is performed at a certain commercial facility, the balance information in the non-volatile memory is reduced, and the consideration corresponding to the payment amount is returned to the commercial facility from the electronic money issuer. The writing area 105b preferably stores a code such as a serial number that uniquely identifies each electronic money, which is stored by the electronic money management server 163 after the payment with the electronic money is performed. Used when managing the issued balance of each electronic money.

  Data such as programs and information may be stored in the nonvolatile memory means 104 or in the write protected nonvolatile memory means 105. In order to prevent the malicious third party from altering, duplicating, forging, etc., the certificate information 152i1 to be stored, if it is stored in the write-protected non-volatile memory means 105, it is very sophisticated against such fraud. Security is obtained. On the other hand, when the data is stored in the nonvolatile memory means 104, it is not particularly necessary to manage the write key 154i, so that the system can be realized with a simple configuration.

  The “data write command with a write key” means that the write key 154i is not just a data write command accompanying, but a data write command in which some operation is performed by the write key 154i. is there. Specifically, the data write command accompanied by the write key 154i is, for example, a combination of the write data encrypted with the write key 154i, which is a common key, and a hash value based on a predetermined one-way function of the write data. On the other hand, a code for specifying the type of instruction may be added. On the receiving side of the data write command, the write data is extracted by decrypting the data write command with the write key 154i which is the same common key. Then, the extracted write data is converted by the same one-way function to generate a hash value, and it is confirmed whether or not it is the same as the hash value sent together. If they are the same, the data write command with the correct write key 154 i is determined and the write data is stored in the write area in the write protection nonvolatile memory means 105.

  A public key method may be used for encryption. In this case, a write key 154i when generating a data write command by encryption is used as a secret key, and a public key paired with the secret key is used as the write key 154i when decrypting the data write command. With this configuration, even if a malicious third party decrypts the public key by chip analysis or the like, the secret key cannot be known, so the malicious third party cannot make a fake data write command. . However, since the calculation amount increases, the controller of the write protection nonvolatile memory means 105 has a complicated configuration.

  The application download (D / L) means 111 is a component for downloading applications and the like. Specifically, application download (D / L) in which application software, modules, application data, etc. are arranged on the network 141. L) A function realized by the processor means 102 executing a program stored in a ROM or the like for downloading from the server 153 or the like and storing it in the nonvolatile memory means 104 or the like. Specifically, It is a form of a Web browser or the like when downloading is executed.

  The certificate information acquisition unit 112, the invalidation information acquisition unit 113, the certificate image display unit 114, the secondary period excess invalidation unit 115, and the validation unit 116 are read and stored in the nonvolatile memory unit 104. This is a function realized by the processor means 102 executing 118.

  The certificate information acquisition unit 112 is a component that acquires the certificate information 152 i 1 and the expiration date 152 i 2 from the certificate information management server 152, which will be described later, and stores them in the nonvolatile memory unit 104 or the write protection nonvolatile memory unit 105. The functions realized by the processor 118 executing the application 118 stored in the nonvolatile memory 104. In this way, since the certificate information 152i1 is stored in the nonvolatile memory means 104, it is not necessary to connect to the certificate information management server 152 again when performing identification. For this reason, for example, identification can be performed even in a place where wireless data communication cannot be performed.

  The revocation information acquisition unit 113 confirms whether the revocation information 152i3 exists in the certificate information management server 152 described later. If the revocation information 152i3 is confirmed, the certificate information 152i1 is invalid. A component that stores information representing a certain fact in the nonvolatile memory means 104 or the write-protected nonvolatile memory means 105, and is realized by the processor 118 executing the application 118 stored in the nonvolatile memory means 104. Is a function to be performed.

  The certificate image display unit 114 receives a certificate display request from the outside, and if the expiration date 152i2 has not expired and the presence of the invalidation information 152i3 has not been confirmed according to the display request. The certificate information 152i1 is read from the nonvolatile memory means on the condition that the certificate information 152i1 identifies that the user has the predetermined identity, and based on the certificate information 152i1, the user identifiable information and the predetermined identity are obtained. A component that generates an image of a certificate including a display to the effect and displays it on the display screen 103, and is realized by the processor 118 executing the application 118 stored in the nonvolatile memory unit 104 Is a function to be performed. As information that can identify the user, a name, a member number, and an employee number can be used. A certificate including an indication of having a predetermined identity may be a student card, an employee card, a driver's license, or the like. Regarding the certificate image, if the information for identifying the user included in the certificate information 152i1 is a specific name or the like of the user, characters such as the name may be displayed on the image.

  The information for identifying the user included in the certificate information 152i1 does not necessarily have to include information on the specific name of the user. In that case, since the user can be identified by the information for identifying the user, the name of the user stored in the mobile phone profile or the like is read, and the character is displayed on the certificate image. be able to. If the certificate information management server 152 described later is configured so that the certificate information 152 i 1 can be acquired only by the mobile communication terminal 101 owned by the identified user, the certificate information 152 i 1 Therefore, the certificate information 152 i 1 includes information indicating that the user itself is the certificate information 152 i 1. As long as it is present, a serial number for identifying the user is not necessarily required. In addition, the information included in the certificate information 152i1 that identifies that the user has a predetermined identity may be used if the system according to the present invention is used only for proof of a single identity. Since it is not necessary to identify one, the existence of the certificate information 152i1 itself proves that the user has the identity.

  The secondary period excess invalidation means 115 continuously checks whether or not invalidation information 152i3 for each primary period, which will be described later, exists in the certificate information management server by the invalidation information acquisition means 113 depending on the state of wireless data communication. In the case where one or more failures have occurred, the period after the confirmation of whether or not the previous revocation information 152i3 exists in the certificate information management server 152 is a predetermined period longer than the primary period will be described later. A component that stores the invalidation information 152i3 for the certificate information 152i1 in the nonvolatile memory means 104 or the write protection nonvolatile memory means 105 if it is exceeded. The application 118 stored in the non-volatile memory means 104 is executed by the processor means 102. Functions, and the like.

  The revocation information acquisition unit 113 confirms whether or not the revocation information 152i3 exists in the certificate information management server 152 at least for each primary period that is a predetermined period. Since this confirmation is performed through wireless data communication, it may fail if the state of the wireless data communication is bad. When this confirmation failure occurs once or more, confirmation of whether the invalidation information 152i3 exists, that is, regular connection from the regular mobile communication device 101 is not performed for a long time. In this case, the reliability of the certificate can be improved by invalidating the certificate when the period during which the confirmation is not performed exceeds the secondary period.

  The validation unit 116 checks whether or not the invalidation information 152i3 exists in the certificate information management server 152, and if the invalidation information 152i3 is not confirmed, the certificate information 152i1 is invalid. Is stored in the non-volatile memory means 104 or the write protection non-volatile memory means 105, the component 118 is deleted, and the application 118 stored in the non-volatile memory means 104 is processed by the processor means 102. This is a function realized by being executed. As a result, the certificate once revoked by the revocation information 152i3 can be revalidated.

  The certificate information output means 117 reads out and outputs corresponding information in response to an output request for data related to information stored in the nonvolatile memory means 104, the write protection nonvolatile memory means 105, etc. A certificate information 152 i 1 output request is received from the external terminal 142 through the data communication unit 122, and the certificate information 152 i 1 stored in the nonvolatile memory unit 104 or the write protected nonvolatile memory unit 105 is read in response to the output request. If the expiration date 152i2 has not expired, the component that outputs the valid certificate information 152i1 to the external terminal 142 through the non-contact data communication unit 122, the nonvolatile memory unit 104 or the write-protected nonvolatile memory A process for realizing such an operation related to the means 105. In the form of such a controller grams built.

  The application 118 is a program for outputting information related to the certificate information 152i1 from the mobile communication device 101, and is provided on the mobile communication device 101 in order to realize a function for displaying and outputting such information related to the certificate. It is a terminal application that is downloaded and executed. Specifically, for example, an i-appli (registered trademark) in a mobile phone with an i-mode (registered trademark) function is used.

  The data communication means 121 is a component for transmitting and receiving data such as programs and information by communication, and specifically, in the form of a data communication controller for transmitting and receiving data to and from a communication line by a predetermined protocol. is there. The non-contact data communication unit 122 is a component for communicating data in a non-contact state, specifically, a short-distance wireless communication unit such as a wireless LAN or Bluetooth, or data modulated and transmitted. It is a form such as an antenna having a data transmission / reception circuit that can be superimposed on a wave or demodulated and extracted from a received wave. The wireless communication unit 123 is a component for transmitting and receiving information wirelessly, and is specifically in the form of a high-frequency module or the like. The wireless communication unit 123 is connected to the data communication unit 121 and preferably the voice communication unit 124 described later on the mobile communication device 101 side, and provides a mobile phone service on the opposite side of the mobile communication device 101. Via a base station (not shown) used by a trader, voice information is connected to a mobile phone network, and data is connected to a network such as the Internet (registered trademark). The voice communication unit 124 is a component for communicating voice such as a telephone. Specifically, the voice communication unit 124 modulates voice into a data format capable of communication or demodulates a voice signal from voice in the data format. / D converter, D / A converter, etc. The voice communication unit 124 is necessary when the mobile communication device 101 is in the form of a mobile phone or the like, but is not necessarily required when it is in the form of a PDA or the like. However, if the mobile communication device 101 is a mobile phone or the like having the voice communication means 124, the user usually carries the mobile phone on a daily basis, and therefore the user information linked identification system 100a is used. In this case, the user does not need to carry a new device and is convenient and highly suitable.

  The network 141 is an environmental configuration for performing data communication. Specifically, the network 141 has a form such as the Internet connected via a mobile phone base station and a gateway.

  The external terminal 142 is a component of the other party that performs non-contact data communication with the non-contact data communication unit 122, and is in the form of a reader or a reader / writer that can perform non-contact communication. The external terminal 142 is installed on the entrance / exit route when reading the certificate information 152i1 for entrance / exit management in the user information-linked identification system 100a according to the first embodiment. When the certificate information 152i1 is read for identification in an item purchase interlocking identification system 100b or when electronic money payment processing is performed, it is preferably installed in or near the store cash register. Is done.

  The certificate information management server 152 invalidates the certificate information for the certificate information, that is, the certificate information 152i1, the expiration date 152i2 of the predetermined identity, and the certificate information that should be invalidated. This is a component for storing / managing invalidation information 152i3 indicating the fact, and specifically, it is arranged on the network 141, and stores such information in a hard disk drive or the like, and has database software for managing it. And a computer as a server.

  The certificate information management server 152 preferably further stores hardware identification information 152i4 for uniquely identifying the hardware of the mobile communication device 101 and an access key 152i5 for confirming that the user is valid. The certificate information management server 152 preferably includes an invalidation request reception unit 152a, an validation request reception unit 152b, a hardware identification information acquisition unit 152c, and an access key acquisition unit 152d.

  The invalidation request accepting unit 152a is a component that accepts an input of a certain type of certificate information invalidation request for a certain user and generates invalidation information in response to the invalidation request. For example, a web server function that provides a web browser with a user interface screen for accepting such a request from the Internet.

  The validation request accepting unit 152b accepts an input of a validation request for a certain type of certificate information for a certain user, and if the invalidation information exists in response to the validation request, the validation request accepting unit 152b A component that deletes information, specifically, a Web server function that provides a Web browser with a user interface screen for accepting such a request from the Internet.

  The hardware identification information acquisition unit 152c is a component that acquires hardware identification information 152i4 that uniquely identifies the hardware of the mobile communication device 101 during wireless data communication with the mobile communication device 101. Specifically, when the mobile communication device 101 is a mobile phone, the hardware identification information acquisition unit 152c, when the telephone number is the hardware identification information 152i4, inputs the telephone number from the user. A user interface function to accept, or a means for requesting and automatically receiving notification of the telephone number of the currently connected mobile phone by using the telephone number notification service of the mobile phone company. By using the hardware identification information 152i4, it is possible to verify whether the accessed mobile communication device 101 is valid.

  The access key acquisition unit 152d is a component that prompts the user to set the access key 152i5 for confirming that the user is valid, and acquires the set access key 152i5 via the network 141. Is a web server function that displays such a request screen and provides a web browser with a user interface screen for accepting input for the request from the Internet.

  The application download server 153 is a component that causes the mobile communication apparatus 101 to download an application 118 for outputting information related to the certificate information 152 i 1 from the mobile communication apparatus 101. Specifically, the application download server 153 is a network element 141. It is a form of a computer or the like as a server that is arranged above, stores the application 118 in a hard disk drive or the like, and has a Web server function for managing the download of the application 118.

  The write management server 154 stores and manages the correct write key 154 i of the write protection nonvolatile memory unit 105, and performs the correct write in response to a data write request to the write protection nonvolatile memory unit 105 received via the network 141. This is a component that transmits a data write command involving the key 154i1 to the mobile communication device 101 that is the data write request source via the network 141. Specifically, the data write command is arranged on the network 141 and for each write area It is a form of a computer or the like as a server having a function of storing a write key in a hard disk drive or the like and generating a data write command accompanying the write key 154i.

[Configuration of First Embodiment]
The user information management server 155 includes information related to the user's social life, that is, an entrance time 155i1 at a predetermined facility, an exit time 155i2 at a predetermined facility, a class name 155i3 of a user who is a student, and a course of a user who is a student It is a component that stores and manages the classroom name 155i4, the opening date and time 155i5 of the user who is a student, and the attendance information 155i6 of the user who is a student. It is in the form of a computer or the like as a server equipped with database software for storing and managing the drive.

[Configuration of Second Embodiment]
The service point management server 161 is a component that stores and manages a service point 161i issued in response to a user's purchase of goods at a commercial facility. Specifically, the service point management server 161 is arranged on the network 141 and stores the information on a hard disk. It is in the form of a computer or the like as a server equipped with database software for storing and managing the drive. The service point 161i corresponds to the value of a predetermined percentage (for example, 10%) of the purchase price of the product, for example. The service point 161i is preferably issued by a service point issuing terminal 181 described later and is not stored in the mobile communication device 101, but is stored for each user in the service point financial institution server 162 described later. Managed.

  The service point financial institution server 162 is a component that manages the balance information of the financial institution account for settlement of the service point 161 i possessed by the service point issuing entity. Specifically, the service point financial institution server 162 is arranged on the network 141 and This information is stored in a hard disk drive or the like, and is a form of a computer as a server equipped with database software or the like for managing the information.

  The electronic money management server 163 is a component that is connected to an electronic money payment terminal 182 (to be described later) and an electronic money financial institution server 164 (to be described later) and performs electronic money settlement processing. Specifically, the electronic money management server 163 is disposed on the network 141. The information is stored in a hard disk drive or the like, and is in the form of a computer as a server equipped with database software or the like for managing the information. The electronic money management server 163 includes electronic money issue balance management means 163a and electronic money settlement processing request means 163b. The electronic money issuance balance management unit 163a is a component that stores and manages the issued balance of each issued electronic money, and specifically includes a database function executed by the electronic money management server 163. The electronic money settlement processing request unit 163b receives the electronic money payment amount notified from the electronic money payment amount notification unit 182c, which will be described later, and stores the electronic money for which the payment stored in the electronic money issue balance management unit 163a has been performed. The financial institution possessed by the commercial facility in which the user purchased the product with the electronic money from the financial institution account held by the electronic money issuing entity with respect to the electronic money financial institution server 164 described later by subtracting the amount of payment of the electronic money from the issued balance This is a component that transmits a request to transfer the electronic money payment amount to an account, and is specifically realized by executing a program that realizes such a function on a processor of the electronic money management server 163. Functions. The electronic money payment amount is information including a specific payment amount, and preferably a code such as a serial number that uniquely identifies the electronic money. Can be identified.

  The electronic money financial institution server 164 is a component that manages the balance information of the financial institution account for settlement of electronic money possessed by the electronic money issuer. Is stored in a hard disk drive or the like, and is in the form of a computer as a server provided with database software or the like for managing it.

[Configuration of First Embodiment]
The admission time transmitting means 171 is connected to the external terminal 142 installed on the admission route of the predetermined facility, and the certificate information 152i1 of the certificate information 152i1 is confirmed through the non-contact data communication means 122 for confirming admission at the predetermined facility of the user. The certificate information 152i1 is received from the certificate information output unit 117 by transmitting an output request to the certificate information output unit 117, and accordingly, the certificate information 152i1 identifies that the user has a predetermined identity. A component that transmits the time when the certificate information 152i1 is received to the user information management server 155 via the network 141 to store the entry time of the user at the predetermined facility. Is in the form of a computer terminal or the like on which a program that performs such a function is operating. .

  The exit time transmission unit 172 is connected to the external terminal 142 installed on the exit route of the predetermined facility, and the certificate information 152i1 of the certificate information 152i1 is confirmed through the non-contact data communication unit 122 for confirming the exit of the user at the predetermined facility. The certificate information 152i1 is received from the certificate information output means 117 by transmitting an output request to the certificate information output means 117, and the certificate information 152i1 accordingly identifies that the user has a predetermined identity. And a component that transmits the time when the certificate information 152i1 is received to the user information management server 155 via the network 141 in order to store the exit time of the user at the predetermined facility. Is in the form of a computer terminal or the like on which a program for executing such a function is operating. . The external terminal 142 connected to the exit time transmitting unit 172 may be the same device installed on the entrance / exit route with the external terminal 142 connected to the entrance time transmitting unit 171 or may be a different device. There may be.

  The entrance time transmission unit 171 and the exit time transmission unit 172 may be the same device connected to a single external terminal 142 installed in the entrance / exit route field.

[Configuration of Second Embodiment]
The service point issuance terminal 181 is a component for issuing a service point 161i in response to the purchase of a product by a user having a predetermined identity at a commercial facility. Specifically, a program for executing such a function operates. And is preferably integrated with the store cash register. The service point issuing terminal 181 includes a certificate information receiving unit 181a, a product price obtaining unit 181b, and a service point issuing unit 181c. The certificate information receiving unit 181a is a component that receives the certificate information 152i1 from the certificate information output unit 117 through the contactless data communication unit 122 and the external terminal 142, and specifically, implements such a function. This is a function realized by executing a program on a processor included in the service point issuing terminal 181. The product price acquisition unit 181b is a component for acquiring the price of the product according to the user's product purchase at the commercial facility. Specifically, the product price acquisition unit 181b is used for a cash register for a store (the electronic money payment terminal 182 is used) For example, when the price of the product is input to the electronic money payment terminal 182, the price of the input product is received from the cash register for the store. The service point issuing unit 181c is configured to provide the product price acquired by the product price acquiring unit 181b on the condition that the user is identified by the certificate information 152i1 received by the certificate information receiving unit 181a. It is a component that issues a service point 161i according to the price and transmits it to the service point management server 161 for addition of the service point 161i. Specifically, a program that realizes such a function is a service The functions are realized by being executed on the processor of the point issuing terminal 181.

  The electronic money payment terminal 182 is connected to the external terminal 142 and is a component that performs payment processing with electronic money using the price as electronic money payment amount according to the user's purchase of goods at a commercial facility. It is in the form of a computer terminal or the like on which a program for executing such a function is operating, and is preferably integrated with a store cash register. The electronic money payment terminal 182 includes product price input means 182a, electronic money payment processing means 182b, and electronic money payment amount notification means 182c. The merchandise price input means 182a is a component that accepts the input of the price of the merchandise according to the user's merchandise purchase at the commercial facility. For example, it is an interface function for acquiring the price of a product from the input. The electronic money payment processing means 182b stores the correct write key of the balance information writing area 105b of the write protection nonvolatile memory means 105, and accompanies the correct write key according to the price of the product input to the product price input means 182a. A component that transmits a balance withdrawal command for changing the balance information of the electronic money to a value obtained by removing the electronic money payment amount corresponding to the price of the product to the mobile communication device 101 through the external terminal 142 and the non-contact data communication unit 122 Specifically, it is a function realized by executing a program that realizes such a function on a processor included in the electronic money payment terminal 182. The electronic money payment processing means 182b is preferably provided with physical security so that a malicious third party cannot obtain the correct write key in the balance information write area 105b by hardware analysis or the like. . The electronic money payment amount notification means 182c is a component that notifies the electronic money management server 163 that payment of the electronic money payment amount by electronic money has been performed. Is a function realized by executing a program for realizing the above on a processor of the electronic money payment terminal 182.

  Next, operations of the user information-linked identification system 100a according to the first embodiment of the present invention and the product purchase-linked identification system 100b according to the second embodiment will be described with reference to the drawings. The overall operation is largely "User registration", "Application download", "Certificate information write", "Revocation information acquisition", "Certificate information output", "Entry / exit time management", "Service point issuance" And “electronic money payment processing”. Hereinafter, the operations of the common part and the non-common part of the user information-linked identification system 100a according to the first embodiment and the product purchase-linked identification system 100b according to the second embodiment will be described. .

[First and Second Embodiments: User Registration Operation]
First, the operation of “user registration” will be described. FIG. 7 is an operation flow related to the “user registration” operation of the user information-linked identification system 100a according to the first embodiment of the present invention and the product purchase-linked identification system 100b according to the second embodiment. FIG. In order to use the user information-linked identification system 100a or the product purchase-linked identification system 100b according to the second embodiment, the user needs to be registered as a user in the system.

  In order to use the user information linked identification system 100a or the product purchase linked identification system 100b according to the second embodiment, an application 118 for executing the function is downloaded to the mobile communication device 101 and executed. There is a need to. Any number of applications 118 may be freely downloadable, but from the viewpoint of security, it is preferable to permit only the registered users to download the application 118.

  The user accesses the application download application site provided on the WWW by the certificate information management server 152 in order to connect the mobile communication device 101 to the Internet and register as a system user (step S101). At the time of initial user registration, it is also possible to access the application download application site from a terminal such as a PC other than the mobile communication device 101 to be used. First, the certificate information management server 152 transmits a download application screen for confirming whether the accessing user is registered in a predetermined database in advance to the mobile communication device 101 (step S103). If the user is a student, each user needs to be registered in advance in a student database managed by the school using a student ID number or the like as a user ID. Passwords are issued and notified to registered students in advance.

  The user inputs a user ID (for example, a student ID number) and a password notified in advance on the download application screen (step S105). The certificate information management server 152 confirms the input user ID and password using a student database, and authenticates the user. After the authentication, the certificate information management server 152 transmits an input request screen requesting input of the hardware identification information 152i4, the access key 152i5, and the mail address to the mobile communication device 101 or the like (step S107). Since it is preferable to identify the hardware that downloads the application 118 and the person who uses the hardware after downloading the application 118 in order to prevent unauthorized access such as impersonation, the hardware identification information is used for that purpose. 152i4 and access key 152i5 are used.

  The hardware identification information 152i4 is information for uniquely identifying the hardware to be accessed. Here, the hardware identification information 152i4 requests the input of the telephone number of the mobile phone. The hardware identification information 152i4 is information that can be automatically acquired during communication with the mobile communication device 101. In addition, an e-mail address for a mobile phone, a cookie, an electronic certificate, or the like can be used. Therefore, the hardware identification information 152i4 may be automatically acquired instead of requesting the user to input at the time of registration. However, when an input is requested from the user at the time of registration, for example, even when the user accesses from a terminal such as a PC that is different from the mobile communication device 101 to be used, the hardware identification information 152i4 is appropriately registered. Is possible. When the telephone number is used as the hardware identification information 152i4, the telephone number of the currently connected mobile phone may be automatically acquired by using the telephone number notification service of the mobile phone company. Also, hardware identification information is stored in the ROM, the nonvolatile memory means 10, the write protection nonvolatile memory means 105, etc. in the mobile communication device 101, and the hardware identification information 152i4 is automatically transmitted and received during communication. May be obtained.

  The access key 152i5 is information for authenticating a person who actually uses the mobile communication device 101, and can be, for example, a 4-digit number. The user sets an appropriate access key 152i5 here. Later, when another person uses the mobile communication apparatus 101, it is possible to authenticate the person who actually uses the mobile communication apparatus 101 by requesting the input of the correct access key 152i5. For example, the mobile communication apparatus 101 It is possible to ensure security in the case where 101 is lost or stolen. The e-mail address is used for e-mail notification of the completion of registration, the site address for downloading the application 118, and the like.

  The user inputs the hardware identification information 152i4, the access key 152i5, and the mail address on the input request screen displayed on the mobile communication device 101 (step S109). The certificate information management server 152 stores the hardware identification information 152i4, the access key 152i5, and the e-mail address input from the mobile communication device 101, and displays a registration completion screen for notifying that the registration is completed on the mobile communication device 101. Transmit (step S111). The mobile communication device 101 displays the transmitted registration completion screen and notifies the user that registration has been completed (step S113).

[First and Second Embodiments: Application Download]
Next, the operation of “application download” will be described. FIG. 8 is an operation flow related to the operation of “application download” in the user information-linked identification system 100a according to the first embodiment of the present invention and the product purchase-linked identification system 100b according to the second embodiment. FIG.

  The user needs to download the application 118 to the mobile communication device 101 used for identification. The user uses the mobile communication device 101 used for identification, and connects to an application download site provided by the application download server 153 on the WWW (step S121).

  The application download server 153 transmits a download screen, which is an authentication screen for permitting the user to download, to the mobile communication device 101 (step S123). For the authentication, hardware identification information 152i4, access key 152i5, and the like can be used.

  The mobile communication device 101 receives and displays the download screen, and requests input of hardware identification information 152i4 (step S125). Here, the input of the access key 152i5 may be obtained. Further, the hardware identification information 152i4 may be automatically acquired by the application download server 153.

  The application download server 153 authenticates the user using the hardware identification information 152i4 input to or acquired from the mobile communication device 101. The authentication may further use the access key 152i5. After the authentication, the application download server 153 starts downloading by transmitting the application 118 to the mobile communication device 101 (step S127). The mobile communication device 101 receives the application 118 and stores it in the nonvolatile memory means 104 (step S129). After receiving the application 118, the mobile communication device 101 sets an initial state indicating that the certificate information 152i1 can be newly received.

[First and second embodiments: writing certificate information]
Next, the operation of “certificate information writing” will be described. FIG. 9 relates to the “certificate information writing” operation of the user information-linked identification system 100a according to the first embodiment of the present invention and the product purchase-linked identification system 100b according to the second embodiment. It is an operation | movement flowchart.

  First, the user activates the application 118 in the mobile communication device 101. In order to confirm that the application 118 is a correct user, the application 118 prompts the user to input the access key 152i5 at the first startup of the application 118, and certifies the certificate information management server 152 with the input access key 152i5. The download of the document information 152i1 is requested (step S131). The application 118 stores the connection destination address of the certificate information management server 152 and connects to the certificate information management server 152 in accordance with a user operation. When the certificate information 152i1 is received and stored in the mobile communication device 101 by the function of the application 118, the mobile communication device 101 can function as a terminal for identification.

  The certificate information management server 152 stores certificate information 152i1 and expiration date 152i2 in association with each user. The certificate information management server 152 verifies the access key 152i5 input to the mobile communication device 101, and executes user authentication by confirming that there is an access from a correct user. After the user authentication, the certificate information management server 152 transmits the certificate information 152i1 and the expiration date 152i2 stored in association with the user to the mobile communication device 101 (step S133). At this time, the certificate information management server 152 preferably automatically acquires the hardware identification information 125i4 of the mobile communication device 101, and obtains the certificate from the correct mobile communication device 101 having the registered hardware identification information 125i4. It is confirmed that there has been a request for downloading information 152i1.

  The mobile communication device 101 acquires the certificate information 152i1 and the expiration date 152i2 from the certificate information management server 152 (Step S135). The mobile communication device 101 stores the acquired certificate information 152i1 and expiration date 152i2 by writing them in the nonvolatile memory 104 (step S137). As described above, by storing the certificate information 152i1 or the like in the mobile communication device 101, even if the mobile communication device 101 cannot be connected to the network due to the location or wireless data communication status, It becomes possible to prove. Here, the mobile communication device 101 can also store the acquired certificate information 152i1 and expiration date 152i2 by writing them into the write protected nonvolatile memory 105 that requires the write key 154i for writing. In this case, the mobile communication apparatus 101 writes the data with the correct write key 154i for storing the certificate information 152i1 and the expiration date 152i2 acquired from the certificate information management server 152 in the write protected nonvolatile memory means 105. By sending a request for sending an instruction from the write management server 154 to the write protection nonvolatile memory means 105 via the network to the write management server 154 via the network, the certificate information 152 i 1 and the expiration date 152 i 2 are written to the nonvolatile memory. It is stored in the memory means 105.

  The non-volatile memory unit 104 and the write-protected non-volatile memory 105 can output the certificate information 152i1 stored therein through the non-contact communication unit 122 by the certificate information output unit 117 without executing the application 118. . In particular, the content of the write-protected non-volatile memory 105 cannot be rewritten unless the correct write key 154i is provided, so that not only is suitable for security, but a solution combined with the non-contact communication means 122 is on the market. Since it is provided, it is advantageous in constructing the system.

  The write-protected non-volatile memory means 105 has one write area or a plurality of write areas for storing the certificate information 152i1. In the case of having one writing area for storing the certificate information 152i1, when writing the certificate information 152i1 and the expiration date 152i2, the other certificate information 152i1 and the expiration date 152i2 are already written. If so, erase it. Even when there is only one write area, it is possible to store a plurality of applications 118 for proving different types of identity, but the write protection nonvolatile memory means 105 can store any one of them. Only the certificate information 152i1 corresponding to can be stored. When the application 118 for proving the type of identity to be stored in the write protected nonvolatile memory means 105 is activated, the certificate information 152 i 1 proved by the application 118 is written in the write protected nonvolatile memory means 105. Thus, the mobile communication device 101 can function to prove the corresponding identity. If there is only one write area, the area of the write protected nonvolatile memory means 105 is not compressed, and if the management entity of the write key 154i collects a management fee, a management fee is charged. Can be reduced. Further, even if the mobile communication device 101 is lost and transferred to a malicious third party, it can function as only one type of identification card, so damage can be minimized.

  On the other hand, when the certificate information 152i1 has a plurality of write areas for storing the certificate information 152i1, when writing the certificate information 152i1 and the expiration date 152i2, for example, when writing to the write area 105a1, the same write area 105a1 is used. If other certificate information 152i1 and expiration date 152i2 have already been written, they are deleted. In this case, a plurality of applications 118 for proving different types of identity can be stored, but the write protection nonvolatile memory means 105 also stores certificate information 152i1 corresponding to the plurality of statuses. Can be made. Therefore, as long as the certificate information 152 i 1 is written in the write-protected nonvolatile memory means 105, it can function as a plurality of types of identification certificates without activating the application 118.

[First and Second Embodiment: Acquisition of Invalidation Information]
Next, the operation of “invalidation information acquisition” will be described. FIG. 10 relates to the “invalidation information acquisition” operation of the user information-linked identification system 100a according to the first embodiment of the present invention and the product purchase-linked identification system 100b according to the second embodiment. It is an operation | movement flowchart. The mobile communication apparatus 101 in which the certificate information 152i1 and the like are stored periodically checks the presence / absence of the invalidation information 152i3 in order to check the validity of the certificate information 152i1. The confirmation is preferably performed by the operation of the application 118, but may be performed by a controller included in the write protected nonvolatile memory means 105. When the application 118 executes the confirmation, the application 118 needs to operate. However, when the user activates the application 118, the confirmation can be performed by the mobile communication device 101 at every predetermined time. It can also be executed by temporarily starting it.

  The revocation information 152i3 is information that exists for the certificate information 152i1 that is supposed to be revoked, and is information that indicates that the certificate information is revoked. Although it is possible to use information indicating that the certificate information 152i1 is valid and not to use the invalidation information 152i3, this indicates that the certificate information 152i1 is valid. Since the absence of “information to be represented” corresponds to the presence of the invalidation information 152i3, it is included in the invalidation information 152i3. The invalidation information 152i3 is generated when the invalidation request accepting unit 152a accepts an input of an invalidation request for a certain type of certificate information for a certain user, and the validation request accepting unit 152b is a certain type for the certain user. Deleted by accepting the input of certificate information validation request.

  The mobile communication device 101 confirms whether or not the revocation information 152i3 exists in the certificate information management server 152 by executing the application 118 by the processor unit 102 (step S141). This is a confirmation of the presence / absence of invalidation information 152i3. At that time, since it is also confirmed whether or not the user is a correct user, it is said that this is performed periodically (primary period). It can also be seen that certification is carried out regularly.

  When checking whether the revocation information 152i3 exists in the certificate information management server 152, preferably, the hardware identification information 152i4 of the mobile communication device 101 is acquired by the certificate information management server 152. , Thereby identifying the hardware. More preferably, the access key 152i5 is transmitted from the mobile communication device 101. The access key 152i5 may require the user to input each time the mobile communication device 101 confirms the presence / absence of the invalidation information 152i3. However, this makes the user feel quite complicated. On the other hand, the mobile communication device 101 stores the access key 152i5 when it is input for the first time, and when checking the presence / absence of the invalidation information 152i3 from the next time, the stored access key 152i5 is stored. The certificate information management server 152 can also be used for confirmation. In this case, the user does not need a complicated operation, but there is a disadvantage that the security is lowered when the mobile communication device 101 is lost. Preferably, when checking whether or not invalidation information 152i3 from the next time is present in the certificate information management server 152, a predetermined number of times since the access key 152i5 was previously input to the mobile communication device 101 by the user. If the period has elapsed, it is requested to re-enter the access key 152i5 into the mobile communication device 101, and it is confirmed that the correct access key 152i5 has been re-entered there.

  The certificate information management server 152 acquires the hardware identification information 152i4 of the mobile communication device 101 that has confirmed the invalidation information 152i3, and has already downloaded the certificate information to the mobile communication device 101 identified thereby. A search is made for the presence of invalidation information 152i3 in 152i1, and if invalidation information 152i3 exists, the fact that it exists is transmitted to the mobile communication device 101 (step S143). At this time, the certificate information management server 152 identifies the user using the access key 152i5 without using the hardware identification information 152i4, and among the certificate information 152i1 already downloaded to the user. If the invalidation information 152i3 exists, it is possible to search the mobile communication apparatus 101 to find that the invalidation information 152i3 exists. The certificate information management server 152 can also identify the user and the mobile communication device 101 by using both the hardware identification information 152i4 and the access key 152i5. The mobile communication device 101 checks whether or not the certificate information management server 152 has transmitted the presence of the invalidation information 152i3 for the certificate information 152i1 related to a certain identity (step S145).

Here, the certificate information management server 152 receives the invalidation stored in association with the same user from the mobile communication device 101 having the hardware identification information 152i4 other than the hardware identification information 152i4 stored in association with a certain user. When it is confirmed whether or not the information 152i3 exists, it is preferable to notify the mobile communication apparatus 101 that the invalidation information 152i3 exists. With this configuration, when there is confirmation from a device other than the registered mobile communication device 101, the certificate information 152i1 in the mobile communication device 101 can be invalidated to ensure higher security. it can.
Also, the certificate information management server 152 receives certificate information stored in association with the same user from the mobile communication device 101 having the hardware identification information 152i4 other than the hardware identification information 152i4 stored in association with a certain user. When 152i1 and expiration date 152i2 are acquired, it is preferable to change the hardware identification information 152i4 to be stored to hardware identification information 152i4 other than the hardware identification information 152i4 stored in association with the user. With this configuration, the mobile communication device 101 that obtains the certificate information 152i1 and the expiration date 152i2 can be fixed to one, and higher security can be ensured.

  When the presence of the revocation information 152i3 for the certificate information 152i1 related to a certain identity is transmitted, the mobile communication device 101, when the corresponding certificate information 152i1 is written in the nonvolatile memory means 104, , Information indicating that it is invalid is written therein (step S147). As a method of expressing the information indicating that it is invalid, the certificate information 152i1 may be deleted, or a flag indicating invalidity may be added to the corresponding certificate information 152i1. Further, when the certificate information 152 i 1 is stored in the write protection nonvolatile memory unit 105, the certificate information 152 i 1 is accompanied by a correct write key 154 i for storing the information indicating that the certificate information 152 i 1 is invalid in the write protection nonvolatile memory unit 105. By transmitting a request for transmitting a data write command from the write management server 154 to the write protection nonvolatile memory means 105 via the network to the write management server 154 via the network, information indicating that the data is invalid is written protected nonvolatile Memory means 105. When the write-protected non-volatile memory means 105 has a plurality of write areas, the above processing is executed for the corresponding write areas. The same applies hereinafter.

  If the presence of the invalidation information 152i3 for the certificate information 152i1 related to a certain identity is not transmitted, the mobile communication device 101 determines that the invalidation information 152i3 for the corresponding certificate information 152i1 is the non-volatile memory means 104 ( Alternatively, if it has been written in the write protected nonvolatile memory means 105), the information indicating that it is invalid is deleted, and the certificate information 152i1 is validated (step S149). When the certificate information 152i1 is erased due to the presence of the invalidation information 152i3, all types of certificate information 152i1 downloaded to the user are stored in the nonvolatile memory means 104 (or write protected nonvolatile memory). Whether or not the certificate information 152i1 that does not exist, that is, has been deleted, may be downloaded to the mobile communication device 101 again.

  Here, a period for confirming the existence of the invalidation information 152i3 will be described. The presence of the invalidation information 152i3 is confirmed every primary period that is a predetermined period. Since wireless data communication is used to confirm the presence of the invalidation information 152i3, for example, when the mobile phone usage fee is charged by the amount of data communication (number of packets), the confirmation interval is shortened. The usage fee will be higher. However, if the confirmation interval is lengthened, acquisition of the invalidation information 152i3 is delayed even if it is generated. Therefore, the primary period is set to an appropriate interval, for example, 24 hours.

  On the other hand, the confirmation for each primary period may not succeed depending on the state of wireless data communication at that time. If such a thing continues, the presence or absence of the invalidation information 152i3 cannot be confirmed for a long time, and a security problem arises. Therefore, a secondary period that is a predetermined period is set longer than the primary period, and confirmation as to whether or not the invalidation information 152i3 for each primary period exists in the certificate information management server 152 continues depending on the state of the wireless data communication. Whether the period after the successful confirmation of whether or not the previous revocation information 152i3 exists in the certificate information management server 152 exceeds the secondary period. If it is determined and exceeded, information indicating that the certificate information 152i1 is invalid is stored in the nonvolatile memory means 104 (or the write-protected nonvolatile memory means 105), thereby invalidating the certificate information 152i1. (Step S151, Step S153). The secondary period can be, for example, 7 days.

  On the other hand, whether or not the revocation information 152i3 exists in the certificate information management server 152 is checked every primary period (step S155). Note that the primary period and the secondary period may be different periods depending on the type of identification to be proved, and it is preferable to use a shorter period for identification that requires high security.

[First and Second Embodiments: Certificate Information Output]
Next, the operation of “certificate information output” will be described. FIG. 11 is an operation flow diagram related to the “certificate information output” operation of the user information-linked identification system 100a according to the first embodiment of the present invention. When the application 118 is operating, a certificate display request (for example, a predetermined key input) is received from the outside, and the expiration date 152i2 has not expired and the invalidation information 152i3 is received according to the display request. If the certificate information 152i1 is not confirmed, the certificate information 152i2 from the non-volatile memory means 104 (or the write-protected non-volatile memory means 105) is provided on the condition that the user is identified by the certificate information 152i1. Is generated, and a certificate image including information identifying the user and a display indicating that the user has a predetermined identity is generated based on the information and displayed on the display screen (step S161). An example of a certificate image is shown in FIG. The screen design of the certificate image (with face photo) 191A and certificate image (without face photo) 191B includes a face photo (certificate image (with face photo) 191A only), number, and expiration date as shown in the figure. , Name, display date and time (date, time, location, etc.) for preventing duplication. Preferably, a predetermined background (background fixed data) is displayed. In FIG. 17, the hatched area is a fixed data area, and the other areas are non-fixed data areas. By appropriately combining them to form a certificate image, it is possible to express a high reliability and display a certificate that is difficult to duplicate. This makes it possible to execute the same function as a conventional certificate such as a paper medium.

  The certificate image is preferably displayed in accordance with a predetermined request (key input or the like) input from the user, with respect to the image, enlarged display, reverse display, blink, brightness change, hue change, saturation change, At least one of various image processing including character synthesis can be performed. By adding such a function, it becomes possible to distinguish the mobile communication device 101 that displays the certificate image from a fake device that simply displays the same image.

  Regardless of whether or not the application 118 is operating, the output request of the certificate information 152i1 is received from the external terminal 142 through the non-contact data communication unit 122, and the nonvolatile memory unit 104 (or write) is received according to the output request. The certificate information 152 i 1 stored in the protected nonvolatile memory means 105) is read, and if the expiration date 152 i 2 has not expired, the valid certificate information 152 i 1 is output to the external terminal 142 through the contactless data communication means 122. This makes it possible to output certificate information 152i1 that can be identified electronically, unlike a conventional certificate such as a paper medium, and can be applied to various uses.

  Further, by simultaneously displaying the certificate image and outputting the certificate information 152 i 1, the person who confirms the identity visually confirms the certificate image displayed on the mobile communication device 101 while confirming the identity. Information processing based on the certification can be automatically performed by using the output certificate information 152i1.

  If the expiration date 152i2 has expired, preferably the certificate information 152i1 is not output. In addition, regardless of whether or not the expiration date 152i2 has expired, the information on the expired expiration date 152i2 and the certificate information 152i1 are output together, and the portion after the external terminal 142 that received the expiration date 152i2 It is also possible to make it possible to confirm whether or not the password has expired. In either case, the “valid” certificate information 152i1 is not output.

[First Embodiment: Entrance / Exit Time Management]
Next, the operation of “entrance / exit time management” will be described. FIG. 12 is an operation flow diagram related to the “entrance / exit time management” operation of the user information-linked identification system 100a according to the first embodiment of the present invention. In the user information interlocking identification system 100a, the contact information can be output to the external terminal 142 by the non-contact data communication means 122, so that entrance / exit management is performed using the certificate information 152i1. Can do.

  The user information management server 155 includes information related to the user's social life, that is, an entrance time 155i1 at a predetermined facility, an exit time 155i2 at a predetermined facility, a class name 155i3 of a user who is a student such as a student, and a student such as a student. The class name 155i4 of the user who is, the date and time 155i5 of the user who is a student such as a student, and the attendance information 155i6 of the user who is a student such as a student are stored and managed. When the user is a student such as a student, the entrance time 155i1 can be associated with the attendance time in the classroom by setting the predetermined facility as the classroom. Also, if the user is a person employed by an organization including a school or a company, such as a company employee or faculty member, the entrance time 155i1 is used as the work time and the exit time 155i2 is left as the work place. It becomes possible to associate with the time.

  For admission management, the external terminal 142 is installed on an admission route of a predetermined facility for which admission is to be managed, and the user holds the mobile communication device 101 over the admission record to record the admission. Then, the admission time transmission means 171 connected to the external terminal 142 sends an output request for the certificate information 152i1 through the non-contact data communication means 122 to confirm the admission at a predetermined facility of the user. The certificate information 152i1 is received therefrom by being transmitted to the output means 117), and the certificate information 152i1 is received on the condition that the user is identified by the certificate information 152i1 accordingly. The received time is transmitted to the user information management server 155 via the network in order to store the entry time 155i1 at the predetermined facility of the user (step S171). When transmitting the received time, naturally, information identifying the user and information identifying the admission time transmission means are also transmitted at the same time, thereby knowing which user has entered at which facility. Can do.

  For a certain facility, only the entrance time transmission unit 171 may be installed, or both the entrance time transmission unit 171 and the exit time transmission unit 172 may be installed. When both are installed, the external terminal 142 to which the entrance time transmission unit 171 is connected and the external terminal 142 to which the exit time transmission unit 172 is connected may be the same or different. . If they are different, only the admission time transmission means 171 receives the certificate information 152i1 in the case of entrance, and only the exit time transmission means 172 receives the certificate information 152i1 in the case of exit. And exit can be clearly distinguished. On the other hand, if these external terminals 142 are the same, it is determined whether to enter or leave using the time itself, or the user selects the entry or exit by another method (key input). There is a need. However, in this case, the number of external terminals 142 may be small.

  The user information management server 155 receives information such as time from the admission time transmission means 171 and stores it as admission time 155i1 indicating which user entered which facility (including date) at which time (step S173). . When the user is a student such as a student and the attendance time is received by the entrance time transmitting means 171, attendance information 155i6 is generated from the entrance time 155i1 and stored. When the entrance time in the user's classroom is received, the received entrance time 155i1 in the classroom is compared with the opening classroom name 155i4 and the opening date / time 155i5, the classroom corresponds to the opening classroom name atti4, and the entrance time If 155i1 corresponds to the start date and time 155i5, it is determined that the user has attended the corresponding lesson section, and attendance information 155i6 indicating that is the class timetable information (the lesson section name 155i3, the opening classroom) The name 155i4 and the start date / time 155i5) are further stored in association with each other.

  The user information management server 155 can transmit corresponding attendance information 155i6 to the mobile communication device 101 in response to a request for confirmation of class attendance status from the user's mobile communication device 101. In that case, it is preferable to authenticate the mobile communication device 101 using the hardware identification information 152i4. As a result, attendance information that is personal information of the user can be confirmed only by the mobile communication device 101 possessed by the user. For the authentication, the user may be authenticated using the access key 152i5.

  The user information management server 155 further stores grade information (not shown) representing the grade of the user, and in response to a grade confirmation request from the user's mobile communication device 101, the corresponding grade information is transferred to the mobile communication. It can be sent to the device 101. Also at this time, the mobile communication device 101 and the user can be authenticated with the hardware identification information 152i4 and the access key 152i5.

  For exit management, the external terminal 142 is installed on the exit route of a predetermined facility for which exit is to be managed, and the user holds the mobile communication device 101 over the exit in order to record the exit. Then, the exit time transmission unit 172 connected to the external terminal 142 sends an output request for the certificate information 152i1 through the non-contact data communication unit 122 to confirm the user's exit at a predetermined facility. The certificate information 152i1 is received therefrom by being transmitted to the output means 117), and the certificate information 152i1 is received on the condition that the user is identified by the certificate information 152i1 accordingly. The received time is transmitted to the user information management server 155 via the network for storing the entry time 155i1 at the predetermined facility of the user (step S175). When transmitting the received time, naturally, information identifying the user and information identifying the exit time transmission means are also transmitted at the same time, thereby knowing which user has exited at which facility. Can do.

  The user information management server 155 receives information such as the time from the exit time transmission means 172, and stores it as an exit time 155i2 indicating which user exited at which facility (including date) at which time (step S177). .

  Note that a plurality of certificate information management servers 152 may exist according to each of a plurality of types of predetermined positions. In this case, it is preferable that each identity management entity manages each certificate information management server 152. Then, the at least one certificate information management server 152 transmits the certificate information 152i1 that it manages to at least one other certificate information management server 152 that links the management of the entry time at the predetermined facility of the user, The at least one other certificate information management server 152 stores the certificate information 152 i 1 received from the at least one certificate information management server 152. As a result, the certificate information 152 i 1 can be linked among the plurality of certificate information management servers 152.

[Second Embodiment: Issuing Service Points]
Next, the operation of “service point issuance” will be described. FIG. 13 is an operational flow diagram related to the “service point issuance” operation of the commodity purchase interlocking identification system 100b according to the second embodiment of the present invention. Thereby, it can be proved that the user who purchases the product (including “service” in the product) at the commercial facility is subscribed to the membership system by holding the mobile communication device 101 over the external terminal 142, and Service points can be automatically issued and managed according to product purchases.

  When the user purchases a product or the like at a commercial facility, the user holds the mobile communication device 101 over the external terminal 142 connected to the service point issuing terminal 181, so that the certificate information output means 117 of the mobile communication device 101 can set the service point. In response to a request from the issuing terminal 181, the certificate information 152 i 1 is transmitted to the service point issuing terminal 181 through the contactless data communication unit 122 (step S 181). The service point issuing terminal 181 receives the certificate information 152i1 from the certificate information output unit 117 of the mobile communication device 101 (step S183).

  The product price acquisition means 181b of the service point issuing terminal 181 acquires information on the price of the product according to the user's product purchase at the commercial facility (step S185). That is, the product price acquisition unit 181b receives the price of the input product such as a store cash register. The service point issuance terminal 181 confirms that the user who purchased the product has a predetermined identity based on the certificate information 152i1, and sets the price of the product acquired by the product price acquisition unit 181b on the condition that it is confirmed. In response, the service point 161i is issued to the user and transmitted to the service point management server 161 (step S187). At this time, the service point 161 i only needs to be finally stored in the service point management server 161. For example, the service point issuing terminal 181 transmits the price of the product as it is to the service point management server 161, and The received service point management server may issue the service point 161i. In other words, “service point issuance” at the service point issuance terminal 181 is processing according to the price of a product for finally issuing the service point 161i. The service point management server 161 receives the service point 161i from the service point issuing terminal 181 and stores and manages it in association with the user (step S189).

[Second Embodiment: Electronic Money Payment Processing]
Next, the operation of “electronic money payment processing” will be described. FIG. 14 is an operation flow diagram related to the operation of “electronic money payment processing” in the product purchase interlocking identification system 100b according to the second embodiment of the present invention. This electronic money payment process is preferably performed simultaneously with the above-mentioned “service point issuance” when a user purchases a product or the like at a commercial facility.

  The product price input means 182a of the electronic money payment terminal 182 accepts input of product price information corresponding to the user's product purchase at the commercial facility (step S191). That is, the product price input means 182a accepts the input of the price of the product, or when the price of the product is input to a store cash register or the like, acquires the price of the product from there.

  The electronic money payment terminal 182 stores the correct write key 154 i in the balance information write area 105 b of the write protected nonvolatile memory means 105. In accordance with the price of the product input to the product price input means 182a, the balance withdrawal that changes the balance information of the electronic money with the correct write key 154i to a value obtained by subtracting the electronic money payment amount corresponding to the price of the product The command is transmitted to the mobile communication device 101 through the external terminal 142 and the non-contact data communication unit 122 (step S193).

  The mobile communication device 101 receives the balance withdrawal command, and in response to this, the balance information stored in the balance information write area 105b of the write protection nonvolatile memory means 105 is changed to an electronic money payment amount corresponding to the price of the product. It changes to what has been removed (step S195). As a result, the balance of the user's electronic money is reduced in accordance with purchase of the product.

  The electronic money payment terminal 182 notifies the electronic money management server 163 that payment by electronic money of the electronic money payment amount corresponding to the price of the product has been performed (step S197). This notification is substantially a request for transferring the price of the product, and is encrypted so that a malicious third party cannot modify or forge it. With this notification, the commercial facility delivers the product to the user, and the fact that the balance information of the user's electronic money has been reduced by the amount of electronic money paid corresponding to the price of the product issuance of electronic money managing the electronic money management server 163 The subject is notified. Thereby, the management entity of electronic money knows that it is necessary to pay the commercial facility an amount corresponding to the electronic money payment amount.

  The electronic money management server 163 receives the electronic money payment amount notified from the electronic money payment terminal 182, and the electronic money management server 163 for the paid electronic money is stored in the electronic money issue balance management unit 163 a. The electronic money payment amount is subtracted from the issued balance, and the electronic money financial institution server 164 transfers the electronic money payment amount from the financial institution account of the electronic money issuer to the financial institution account of the commercial facility. A request is transmitted (step S199). As a result, the electronic money issuer pays the commercial facility the amount corresponding to the electronic money payment amount corresponding to the price of the product.

[Second Embodiment: Service Point Reduction]
Next, the operation of “service point reduction” will be described. FIG. 15 is an operation flow diagram related to the “service point reduction” operation of the commodity purchase interlocking identification system 100b according to the second embodiment of the present invention. Thereby, a user who is a service point member can exchange a part or all of the service point 161i for electronic money.

  The service point management server 161, in response to a request for returning a part or all of the user's service points 161i as electronic money, a part or all of the user's service points 161i with respect to the current electronic money balance information. The write management server 154 writes a request to write balance information into the balance information write area 105b of the write protected nonvolatile memory means 105 via the network so that the balance information is a balance obtained by adding the return amount converted at a predetermined rate. A request to be transmitted to the write management server 154 is transmitted via the network (step S201).

  The write management server 154 receives the request from the service point management server 161, and in response, converts a part or all of the service points 161i of the user at a predetermined rate with respect to the current electronic money balance information. The write management server 154 transmits a request to write balance information to the balance information write area 105b of the write protection nonvolatile memory means 105 to the mobile communication device 101 via the network (step S203). ).

  The service point management server 161 decreases the service point 161i of the user managed by the service point according to the return amount (step S205). The service point management server 161 transmits a request to the service point financial institution server 162 to transfer the return amount from the financial institution account held by the issuing entity of the service point 161 i to the financial institution account held by the electronic money issuing entity. (Step S207). As a result, the service point 161i is returned to electronic money, and the refund amount is paid from the service point issuer to the electronic money issuer.

[Second Embodiment: Member Discount Electronic Money Payment Processing]
Next, the operation of “member discount electronic money payment processing” will be described. FIG. 16 is an operation flow diagram relating to the operation of “member discount electronic money payment processing” of the commodity purchase interlocking identification system 100b according to the second embodiment of the present invention. In this operation, if it is confirmed by identification that the member can receive a discount, a predetermined discount is applied to the price of the product, and the discount price is paid by electronic money.

  When a user purchases a product or the like at a commercial facility, the user holds the mobile communication device 101 over the external terminal 142 connected to the electronic money payment terminal 182, so that the certificate information output means 117 of the mobile communication device 101 is electronic money. In response to a request from the payment terminal 182, the certificate information 152 i 1 is transmitted to the electronic money payment terminal 182 through the contactless data communication unit 122 (step S 211). The electronic money payment terminal 182 receives the certificate information 152i1 from the certificate information output unit 117 of the mobile communication device 101 (step S213).

  The product price input means 182a of the electronic money payment terminal 182 accepts input of product price information corresponding to the user's product purchase at the commercial facility (step S215). That is, the product price input means 182a accepts the input of the price of the product, or when the price of the product is input to a store cash register or the like, acquires the price of the product from there.

  The electronic money payment terminal 182 stores the correct write key 154 i in the balance information write area 105 b of the write protected nonvolatile memory means 105. On the condition that the certificate information 152i1 identifies that the user has a predetermined identity to receive a discount, a predetermined discount is given to the price of the input product to obtain a discount price, with a correct write key 154i. A balance withdrawal command for changing the balance information of the electronic money to a value obtained by removing the electronic money payment amount corresponding to the discount price of the product is transmitted to the mobile communication device 101 through the external terminal 142 and the non-contact data communication unit 122 (step) S217).

  The mobile communication device 101 receives the balance withdrawal command, and in response to this, the balance information stored in the balance information write area 105b of the write protection nonvolatile memory means 105 is changed to an electronic money payment amount corresponding to the price of the product. It changes to what has been removed (step S219). As a result, according to the purchase of the product, the balance of the electronic money of the user is reduced by the discount price.

  The electronic money payment terminal 182 notifies the electronic money management server 163 that the payment by the electronic money of the electronic money payment amount corresponding to the discount price of the product has been made (step S221). The electronic money management server 163 receives the electronic money payment amount notified from the electronic money payment terminal 182, and the electronic money management server 163 for the paid electronic money is stored in the electronic money issue balance management unit 163 a. The electronic money payment amount is subtracted from the issued balance, and the electronic money financial institution server 164 transfers the electronic money payment amount from the financial institution account of the electronic money issuer to the financial institution account of the commercial facility. A request is transmitted (step S199). As a result, the electronic money issuer pays the commercial facility the amount corresponding to the electronic money payment amount corresponding to the discount price of the product.

System configuration diagram mainly showing a configuration related to the mobile communication device 101 of the user information-linked identification system 100a according to the first embodiment of the present invention and the product purchase-linked identification system 100b according to the second embodiment. It is. It is a system block diagram showing the structure relevant to the apparatus mainly connected to the external terminal 142 of the user information interlocking type identification system 100a which concerns on the 1st Embodiment of this invention. It is a system block diagram showing the structure relevant to the apparatus mainly connected to the external terminal 142 of the goods purchase interlocking type identification system 100b concerning the 2nd Embodiment of this invention. It is a system configuration | structure figure showing the structure mainly relevant to the server of the user information interlocking type identification system 100a which concerns on the 1st Embodiment of this invention, and the goods purchase interlocking type identification system 100b concerning 2nd Embodiment. 1 is a system configuration diagram showing a configuration mainly related to a server of a user information-linked identification system 100a according to a first embodiment of the present invention. It is a system configuration | structure figure showing the structure mainly relevant to the server of the goods purchase interlocking type identification system 100b concerning the 2nd Embodiment of this invention. It is an operation | movement flowchart regarding the operation | movement of "user registration" of the user information interlocking type identification system 100a which concerns on the 1st Embodiment of this invention, and the goods purchase interlocking type identification system 100b concerning 2nd Embodiment. It is an operation | movement flowchart regarding the operation | movement of "application 118 download" of the user information interlocking type identification system 100a which concerns on the 1st Embodiment of this invention, and the goods purchase interlocking type identification system 100b which concerns on 2nd Embodiment. . FIG. 5 is an operation flow diagram related to the operation of “certificate information writing” of the user information-linked identification system 100a according to the first embodiment of the present invention and the product purchase-linked identification system 100b according to the second embodiment. is there. FIG. 5 is an operation flow diagram relating to an operation of “acquisition of invalidation information” in the user information-linked identification system 100a according to the first embodiment of the present invention and the product purchase-linked identification system 100b according to the second embodiment. is there. It is an operation | movement flowchart regarding the operation | movement of "certificate information output" of the user information interlocking type identification system 100a which concerns on the 1st Embodiment of this invention. It is an operation | movement flowchart regarding the operation | movement of "entrance / exit time management" of the user information interlocking type identification system 100a which concerns on the 1st Embodiment of this invention. It is an operation | movement flowchart regarding operation | movement of "service point issue" of the goods purchase interlocking type identification system 100b concerning the 2nd Embodiment of this invention. It is an operation | movement flowchart which concerns on operation | movement of the "electronic money payment process" of the goods purchase interlocking type identification system 100b concerning the 2nd Embodiment of this invention. It is an operation | movement flowchart regarding the operation | movement of "service point reduction | restoration" of the goods purchase interlocking type identification system 100b concerning the 2nd Embodiment of this invention. It is an operation | movement flowchart which concerns on operation | movement of the "member discount electronic money payment process" of the goods purchase interlocking type identification system 100b concerning the 2nd Embodiment of this invention. It is an image figure of a certificate image (with a face photograph) 191A and a certificate image (without a face photograph) 191B.

Explanation of symbols

100a User information interlocking type identification system 100b Commodity purchase interlocking type identification system 101 Mobile communication device 102 Processor means 103 Display screen 104 Non-volatile memory means 105 Write protection Non-volatile memory means 105a1 Write area (1)
105a2 Write area (2)
105b Balance information writing area 111 Application download means 112 Certificate information acquisition means 113 Invalidation information acquisition means 114 Certificate image display means 115 Secondary period excess invalidation means 116 Validation means 117 Certificate information output means 118 Application 121 Data communication Means 122 Non-contact data communication means 123 Wireless communication means 124 Audio communication means 141 Network 142 External terminal 152 Certificate information management server 152a Invalidation request acceptance means 152b Validation request acceptance means 152c Hardware identification information acquisition means 152d Access key acquisition means 152i1 Certificate information 152i2 Expiration date 152i3 Revocation information 152i4 Hardware identification information 152i5 Access key 153 Application download server 154 Write Physical server 154a Write key 155 User information management server 155i1 Entrance time 155i2 Exit time 155i3 Class section name 155i4 Course name 155i5 Course date and time 155i6 Attendance information 161 Service point management server 161i Service point 162 Service point financial institution server 163 Electronic money management server 163a Electronic money issue balance management means 163b Electronic money settlement processing request means 164 Electronic money financial institution server 171 Entrance time transmission means 172 Exit time transmission means 181 Service point issue terminal 181a Certificate information reception means 181b Product price acquisition means 181c Service point issue means 182 Electronic money payment terminal 182a Product price input means 182b Electronic money payment processing means 182c Electronic money payment amount notification 191A certificate image (with face photo)
191B ID image (no face photo)

Claims (11)

A server, a mobile communication device connected to the server via a network by wireless communication means and data communication means, and outputting information as a certificate that each user has a predetermined identity, and the predetermined in a commercial facility A service point issuing terminal for issuing a service point in accordance with the user's product purchase, and a product purchase interlocking type identification system comprising:
The server
The certificate information is invalidated for the user and the certificate information for identifying that the user has the predetermined identity, the expiration date of the predetermined identity, and the certificate information that should be invalidated. A certificate information management server that stores revocation information indicating that the information is to be associated with each user;
An application download server for causing the mobile communication device to download an application corresponding to the predetermined identity for causing the mobile communication device to output information relating to the certificate information;
A service point management server connected to the service point issuing terminal and storing a service point of the user;
The correct write key of the write protect nonvolatile memory means that requires the correct write key when writing data is stored, and the correct write key is stored in response to a data write request to the write protect nonvolatile memory means received via the network. A write management server that transmits the accompanying data write command to the data write request source via the network , and
The mobile communication device
A display screen for displaying information;
Processor means for operating the application;
Non-volatile memory means including the write-protected non-volatile memory means for storing data relating to the application;
Application download means for downloading the application from the application download server via a network by wireless data communication and storing the application in the nonvolatile memory means;
Certificate information acquisition means for acquiring the certificate information and the expiration date from the certificate information management server and storing the certificate information and the validity period in the write protected nonvolatile memory means by the application operating on the processor means;
As the application operates on the processor means, it is confirmed whether or not the invalidation information associated with the user exists in the certificate information management server, and the existence of the invalidation information is confirmed. Invalidation information acquisition means for storing information indicating that the certificate information is invalid in the write protected nonvolatile memory means,
When the application operates on the processor means, the certificate display request is received from the outside, the expiration date has not expired in response to the display request, and the invalidation information exists. if not confirmed, generates an image of a certificate from prior SL write protection nonvolatile memory means includes an indication with identifiable information and the predetermined identification of the user based on it reads the certificate information And certificate image display means for displaying it on the display screen;
Contactless data communication means for transmitting and receiving data related to information stored in the nonvolatile memory means with an external terminal;
The certificate information output request is received from the external terminal through the contactless data communication means, and the certificate information stored in the write-protected nonvolatile memory means is read in response to the output request, and the valid information is read out. Certificate information output means for outputting, to the external terminal through the contactless data communication means, the valid certificate information that can be identified that the expiration date has not expired if the expiration date has not expired. ,
The service point issuing terminal is
Certificate information receiving means for receiving the certificate information from the certificate information output means through the contactless data communication means and the external terminal;
Product price acquisition means for acquiring the price of the product according to the user's product purchase at the commercial facility;
Confirming that the user has the predetermined identity by confirming that the certificate information received by the certificate information receiving means is valid certificate information that has not expired , On the condition that it is confirmed, a service point is issued according to the price of the product acquired by the product price acquisition means, and it is transmitted to the service point management server for addition of the service point. Service point issuing means ,
The certificate information acquisition unit stores the certificate information and the expiration date acquired from the certificate information management server in the write protection nonvolatile memory unit unless the presence of the invalidation information is confirmed. By sending a request to send the data write command with the correct write key from the write management server to the write protection nonvolatile memory means via the network to the write management server via the network. Storing information in the write-protected non-volatile memory means;
The invalidation information acquisition means accompanies the correct write key for storing information indicating that the certificate information is invalid in the write protection nonvolatile memory when the existence of the invalidation information is confirmed. Information indicating that the certificate is invalid by transmitting a request to send the data write command from the write management server to the write protection nonvolatile memory means via the network to the write management server. Is stored in the write-protected non-volatile memory means . In the commodity purchase interlocking type identification system according to claim 1 ,
There are a plurality of the certificate information management servers, and each of the plurality of certificate information management servers includes certificate information that identifies the user as a person having one of a plurality of types of predetermined statuses, It stores the revocation information indicating that the certificate information is to be revoked for the expiration date of the specified identity and the certificate information that should be revoked,
The write-protected non-volatile memory means stores the certificate information of one type of certificate;
When the certificate information acquisition unit stores the certificate information and the expiration date in the write protected nonvolatile memory unit, the certificate information and the expiration date of another type of certificate are already stored. In the case of a product purchase, a product purchase linked identification system that erases it first. In the commodity purchase interlocking type identification system according to claim 1 ,
There are a plurality of certificate information management servers, and each of the plurality of certificate information management servers has one identity among a plurality of types of predetermined statuses that are classified into any of a plurality of fields. Certificate information that identifies the user as a holder, the expiration date of the predetermined identity, and revocation information indicating that the certificate information is to be revoked for certificate information that should be revoked Is memorized,
The write-protected non-volatile memory means has one write area with a different write key for each of the fields into which the certificate is classified,
The write management server stores a correct write key for each field of the certificate information,
When the certificate information acquisition unit stores the certificate information and the expiration date in the write-protected nonvolatile memory unit, the certificate information and the expiration date of another type of certificate already in the same field are already stored. A merchandise purchase-linked identification system that erases the stored information first. A server, a mobile communication device connected to the server via a network by wireless communication means and data communication means, and outputting information as a certificate that each user has a predetermined identity, and the predetermined in a commercial facility A service point issuing terminal for issuing a service point in accordance with the user's product purchase, and a product purchase interlocking type identification system comprising:
The server
Certificate information including information identifying the user and that the user has the predetermined identity, and name or number information that can identify the user, the expiration date of the predetermined identity, and invalidity A certificate information management server that stores revocation information indicating that the certificate information is revoked in association with each user,
An application download server for causing the mobile communication device to download an application corresponding to the predetermined identity for causing the mobile communication device to output information relating to the certificate information;
A service point management server connected to the service point issuing terminal and storing the service point of the user,
The mobile communication device
A display screen for displaying information;
Processor means for operating the application;
Non-volatile memory means for storing data relating to the application;
Application download means for downloading the application from the application download server via a network by wireless data communication and storing the application in the nonvolatile memory means;
Certificate information acquisition means for acquiring the certificate information and the expiration date from the certificate information management server and storing them in the nonvolatile memory means by the application operating on the processor means;
As the application operates on the processor means, it is confirmed whether or not the invalidation information associated with the user exists in the certificate information management server, and the existence of the invalidation information is confirmed. Invalidation information acquisition means for storing information indicating that the certificate information is invalid in the nonvolatile memory means,
When the application operates on the processor means, the certificate display request is received from the outside, the expiration date has not expired in response to the display request, and the invalidation information exists. If not confirmed, the certificate information is read from the non-volatile memory means, and information including a name or number that can identify the user based on the certificate information and an image indicating that the user has the predetermined identity is displayed. And certificate image display means for displaying it on the display screen;
Contactless data communication means for transmitting and receiving data related to information stored in the nonvolatile memory means with an external terminal;
The certificate information output request is received from the external terminal through the contactless data communication means, and the certificate information stored in the nonvolatile memory means is read in response to the output request, and the expiration date is If it has not expired, the certificate information output means for outputting the valid certificate information that can be identified that the expiration date has not expired to the external terminal through the contactless data communication means, and
The service point issuing terminal is
Certificate information receiving means for receiving the certificate information from the certificate information output means through the contactless data communication means and the external terminal;
Product price acquisition means for acquiring the price of the product according to the user's product purchase at the commercial facility;
Confirming that the user has the predetermined identity by confirming that the certificate information received by the certificate information receiving means is valid certificate information that has not expired, On the condition that it is confirmed, a service point is issued according to the price of the product acquired by the product price acquisition means, and it is transmitted to the service point management server for addition of the service point. Service point issuing means,
The certificate information management server prompts the user to set an access key for confirming that the user is valid before the mobile communication device acquires the certificate information and the expiration date. An access key acquiring means for acquiring the access key that has been acquired via a network, further storing the acquired access key in association with the user,
The revocation information acquisition means transmits the access key to the certificate information management server when confirming whether the revocation information exists in the certificate information management server,
The certificate information management server associates an access key transmitted from the invalidation information acquisition unit with the user when checking whether the invalidation information exists in the certificate information management server. A merchandise purchase interlocking type identification system characterized in that , when the access key is different from the stored access key, invalidation information for the certificate information is generated. In the commodity purchase interlocking type identification system according to claim 4 ,
The access key transmitted to the certificate information management server when the revocation information acquisition unit checks whether the revocation information exists in the certificate information management server is transmitted by the user to the mobile communication Product purchase-linked identification system that is input to the device. In the commodity purchase interlocking type identification system according to claim 5 ,
The access key to be transmitted to the certificate information management server when the revocation information acquisition unit confirms whether or not the revocation information exists in the certificate information management server is once received by the user When it is input to the mobile communication device, it is stored in the non-volatile memory means, and when the invalidation information is present in the certificate information management server by the invalidation information acquisition means after the next time A product purchase interlocking type identification system in which the stored access key is transmitted to the certificate information management server. In the commodity purchase interlocking type identification system according to claim 6 ,
When the invalidation information is acquired by the invalidation information acquisition unit from the next time onward, the access key is input to the mobile communication device by the user last time. Product purchase interlocking identification system that requests re-entry of the access key to the mobile communication device and confirms that the correct access key has been re-entered when a predetermined period has elapsed since . A server, a mobile communication device connected to the server via a network by wireless communication means and data communication means, and outputting information as a certificate that each user has a predetermined identity, and the predetermined in a commercial facility A service point issuing terminal for issuing a service point in accordance with the user's product purchase, and a product purchase interlocking type identification system comprising:
The server
Certificate information including information identifying the user and that the user has the predetermined identity, and name or number information that can identify the user, the expiration date of the predetermined identity, and invalidity A certificate information management server that stores revocation information indicating that the certificate information is revoked in association with each user,
An application download server for causing the mobile communication device to download an application corresponding to the predetermined identity for causing the mobile communication device to output information relating to the certificate information;
A service point management server connected to the service point issuing terminal and storing the service point of the user,
The mobile communication device
A display screen for displaying information;
Processor means for operating the application;
Non-volatile memory means for storing data relating to the application;
Application download means for downloading the application from the application download server via a network by wireless data communication and storing the application in the nonvolatile memory means;
Certificate information acquisition means for acquiring the certificate information and the expiration date from the certificate information management server and storing them in the nonvolatile memory means by the application operating on the processor means;
As the application operates on the processor means, it is confirmed whether or not the invalidation information associated with the user exists in the certificate information management server, and the existence of the invalidation information is confirmed. Invalidation information acquisition means for storing information indicating that the certificate information is invalid in the nonvolatile memory means,
When the application operates on the processor means, the certificate display request is received from the outside, the expiration date has not expired in response to the display request, and the invalidation information exists. If not confirmed, the certificate information is read from the non-volatile memory means, and information including a name or number that can identify the user based on the certificate information and an image indicating that the user has the predetermined identity is displayed. And certificate image display means for displaying it on the display screen;
Contactless data communication means for transmitting and receiving data related to information stored in the nonvolatile memory means with an external terminal;
The certificate information output request is received from the external terminal through the contactless data communication means, and the certificate information stored in the nonvolatile memory means is read in response to the output request, and the expiration date is If it has not expired, the certificate information output means for outputting the valid certificate information that can be identified that the expiration date has not expired to the external terminal through the contactless data communication means, and
The service point issuing terminal is
Certificate information receiving means for receiving the certificate information from the certificate information output means through the contactless data communication means and the external terminal;
Product price acquisition means for acquiring the price of the product according to the user's product purchase at the commercial facility;
Confirming that the user has the predetermined identity by confirming that the certificate information received by the certificate information receiving means is valid certificate information that has not expired, On the condition that it is confirmed, a service point is issued according to the price of the product acquired by the product price acquisition means, and it is transmitted to the service point management server for addition of the service point. Service point issuing means,
Confirmation as to whether or not the revocation information is present in the certificate information management server by the revocation information acquisition means is performed at least for each primary period that is a predetermined period,
When the application operates on the processor means, the revocation information acquisition means confirms whether the revocation information for each primary period exists in the certificate information management server. If the previous revocation information fails in the certificate information management server, the period after the successful confirmation of whether or not the revocation information exists in the certificate information management server is longer than the primary period. Secondary period excess invalidating means for determining whether or not the secondary period is exceeded, and storing information in the nonvolatile memory means indicating that the certificate information is invalid if exceeded. A product purchase-linked identification system characterized by further comprising: In the commodity purchase interlocking type identification system according to claim 1 ,
The product purchase-linked identification system is
An electronic money payment terminal connected to the external terminal, and performing payment processing with electronic money using the price as electronic money payment amount in accordance with the user's product purchase at a commercial facility,
The write protection nonvolatile memory means includes a balance information writing area, further storing balance information of the electronic money therein,
The server
An electronic money financial institution server that manages balance information of a financial institution account possessed by the electronic money issuer;
An electronic money management server that is connected to the electronic money payment terminal and the electronic money financial institution server and performs a settlement process of electronic money;
Further comprising
The electronic money payment terminal is
Product price input means for accepting input of the price of a product according to the user's product purchase at the commercial facility;
The balance of the electronic money, which stores the correct write key of the balance information writing area of the write protection nonvolatile memory means and accompanies the correct write key according to the price of the product input to the product price input means An electronic money payment processing means for transmitting a balance withdrawal command for changing information to a value obtained by removing an electronic money payment amount corresponding to the price of the product to the mobile communication device through the external terminal and the contactless data communication means; ,
Electronic money payment amount notification means for notifying the electronic money management server that payment of the electronic money payment amount by electronic money has been performed,
The electronic money management server is:
Electronic money issue balance management means for storing the issued balance of each issued electronic money;
Receiving the electronic money payment amount notified from the electronic money payment amount notification means, the electronic money payment amount from the issue balance stored in the electronic money issue balance management means for the paid electronic money Electronic money settlement for transmitting a request to the electronic money financial institution server to transfer the electronic money payment amount from a financial institution account held by the electronic money issuing entity to a financial institution account held by the commercial facility A merchandise purchase interlocking type identification system comprising: a processing request means; In the commodity purchase interlocking type identification system according to claim 9 ,
The server
A service point financial institution server that manages balance information of financial institution accounts possessed by the service point issuing entity,
The service point management server has a balance obtained by adding a return amount obtained by converting a part or all of the service points of the user at a predetermined rate to the current balance information of the electronic money at the request of the user. A request for the write management server to transmit the request to write the balance information in the write protection nonvolatile memory means to the mobile communication device via the network to the write management server via the network, and Accordingly, the service point of the user is decreased accordingly, and the service point financial institution server is changed from a financial institution account held by the issuer of the service point to a financial institution account held by the issuer of the electronic money. Product purchase linkage type that sends a request to transfer the reduction amount Minute certification system. Connected to a server, a mobile communication device connected to the server via a network by wireless communication means and data communication means, and outputting information as a certificate that each user has a predetermined identity, and an external terminal An electronic money payment terminal that performs payment processing with electronic money using the price as electronic money payment amount according to the user's product purchase at a commercial facility,
The server
The certificate information is invalidated for the user and the certificate information for identifying that the user has the predetermined identity, the expiration date of the predetermined identity, and the certificate information that should be invalidated. A certificate information management server that stores revocation information indicating that the information is to be associated with each user;
An application download server for causing the mobile communication device to download an application corresponding to the predetermined identity for causing the mobile communication device to output information relating to the certificate information;
The correct write key of the write protect nonvolatile memory means that requires the correct write key when writing data is stored, and the correct write key is stored in response to a data write request to the write protect nonvolatile memory means received via the network. A write management server that transmits the accompanying data write command to the data write request source via the network;
An electronic money financial institution server that manages balance information of a financial institution account possessed by the electronic money issuer;
An electronic money management server that is connected to the electronic money payment terminal and the electronic money financial institution server and performs a settlement process of electronic money,
The mobile communication device
A display screen for displaying information;
Processor means for operating the application;
Non-volatile memory means for storing data relating to the application and including the write-protected non-volatile memory means;
Application download means for downloading the application from the application download server via a network by wireless data communication and storing the application in the nonvolatile memory means;
Certificate information acquisition means for acquiring the certificate information and the expiration date from the certificate information management server and storing them in the nonvolatile memory means by the application operating on the processor means;
As the application operates on the processor means, it is confirmed whether or not the invalidation information associated with the user exists in the certificate information management server, and the existence of the invalidation information is confirmed. Invalidation information acquisition means for storing information indicating that the certificate information is invalid in the nonvolatile memory means,
When the application operates on the processor means, the certificate display request is received from the outside, the expiration date has not expired in response to the display request, and the invalidation information exists. if not confirmed, generates an image of a certificate from prior Symbol nonvolatile memory means includes an indication with identifiable information and the predetermined identification of the user based on it reads the certificate information, Certificate image display means for displaying it on the display screen;
Contactless data communication means for transmitting and receiving data related to information stored in the nonvolatile memory means with an external terminal;
The certificate information output request is received from the external terminal through the contactless data communication means, and the certificate information stored in the nonvolatile memory means is read in response to the output request, and the expiration date is If it has not expired , the certificate information output means for outputting the valid certificate information that can be identified that the expiration date has not expired to the external terminal through the contactless data communication means, and
The write protection nonvolatile memory means includes a balance information writing area, further storing balance information of the electronic money therein,
The certificate information acquisition unit stores the certificate information and the expiration date acquired from the certificate information management server in the write protection nonvolatile memory unit unless the presence of the invalidation information is confirmed. By sending a request to send the data write command with the correct write key from the write management server to the write protection nonvolatile memory means via the network to the write management server via the network. Storing information in the write-protected non-volatile memory means;
The invalidation information acquisition means accompanies the correct write key for storing information indicating that the certificate information is invalid in the write protection nonvolatile memory when the existence of the invalidation information is confirmed. Information indicating that the certificate is invalid by transmitting a request to send the data write command from the write management server to the write protection nonvolatile memory means via the network to the write management server. Is stored in the write protection nonvolatile memory means,
The electronic money payment terminal is
Product price input means for accepting input of the price of a product according to the user's product purchase at the commercial facility;
The balance of the electronic money, which stores the correct write key of the balance information writing area of the write protection nonvolatile memory means and accompanies the correct write key according to the price of the product input to the product price input means An electronic money payment processing means for transmitting a balance withdrawal command for changing information to a value obtained by removing an electronic money payment amount corresponding to the price of the product to the mobile communication device through the external terminal and the contactless data communication means; ,
Electronic money payment amount notification means for notifying the electronic money management server that payment of the electronic money payment amount by electronic money has been performed,
The electronic money management server is:
Electronic money issue balance management means for storing the issued balance of each issued electronic money;
The electronic money payment amount notified from the electronic money payment amount notification means is received, and the electronic money payment amount is subtracted from the issue balance of electronic money that has been paid and stored in the electronic money issue balance management means An electronic money settlement processing request for transmitting a request for transferring the electronic money payment amount from a financial institution account held by the electronic money issuer to a financial institution account held by the commercial facility to the electronic money financial institution server Means, and
Price of the product to make payments processed by the electronic money payment terminal, the certificate information received by receiving the certificate information via the non-contact communication means and the external terminal from the certificate information output means Confirm that the user has the predetermined identity by confirming that it is valid certificate information that has not expired, and a predetermined discount is applied on condition that it has been confirmed A product purchase-linked identification system characterized by

Images