JP4148465B2

JP4148465B2 - Electronic value distribution system and electronic value distribution method

Info

Publication number: JP4148465B2
Application number: JP2003133451A
Authority: JP
Inventors: 吉孝中村; 琢夫西原; 恒一虎松
Original assignee: Nippon Telegraph and Telephone Corp
Current assignee: Nippon Telegraph and Telephone Corp
Priority date: 2003-05-12
Filing date: 2003-05-12
Publication date: 2008-09-10
Anticipated expiration: 2023-05-12
Also published as: JP2004334783A

Description

【０００１】
【発明の属する技術分野】
本発明は、携帯電話やＰＤＡのような携帯端末によって、ＰＯＳ等の店舗端末に支払う電子価値流通に関し、特に、携帯端末上で暗号処理等の負荷の高い処理を行わずに、公開鍵暗号を用いて安全性の高い電子価値流通をする電子価値流通システムおよび電子価値流通方法に関する。
【０００２】
【従来の技術】
従来、公開鍵暗号を用いた電子価値流通方法が知られている（たとえば、非特許文献１参照）。
【０００３】
この従来の方法では、スマートカード等の暗号演算を行うことができる耐タンパ装置を、利用者が持ち、支払相手が支払要求すると、スマートカード内で、保持されている利用者秘密鍵を用いて支払署名を作成し、支払相手がその支払署名を検証することによって、電子価値を流通させる。
【０００４】
公開鍵暗号を用いた電子価値流通方法は、共通鍵暗号を用いた電子価値流通方法とは異なり、秘密鍵を店舗に保持する必要がないので、秘密漏洩の危険性が低く、また、システム全体に同一の鍵を使わないようにすることができるので、もし秘密鍵の１つが漏洩または解読された場合でも、偽造・改竄によるリスクが、その鍵を用いる範囲に限定され、したがって、より安全性が高い電子価値流通方法である。
【０００５】
これらの公開鍵暗号を用いた電子価値流通方法において、電子価値の支払を受けた店舗端末では、利用者から受領した支払署名を保存し、後にセンタに支払署名を還流し、支払署名の正当性が検証されれば、相当の金額が精算される。
【０００６】
【非特許文献１】
日経デジタルマネー・システム編「デジタルマネーのすべて最新の技術開発動向と実用化への展望」日経ＢＰ社、pp.118-376、1997年10月20日発行
【０００７】
【発明が解決しようとする課題】
従来の電子価値流通方法では、ＰＤＡや携帯電話機等、広く普及している端末装置ではなく、スマートカードのように、暗号演算を行うことができる耐タンパ装置等、特殊な装置を用いなければならず、サービス事業者が利用者に配布するコスト負担が大きいという問題がある。
【０００８】
また、従来の電子価値流通方法では、店舗端末は、センタとの通信手段を持ち、またはオフラインで支払署名をセンタに運ぶ等、支払署名を還流する処理を実行しなければ精算を受けることができないという問題がある。
【０００９】
本発明は、利用者端末に、暗号演算手段や耐タンパ性を必要とせず、また、店舗端末が、センタとの通信手段を有していなくても、その店舗への精算処理が可能である電子価値流通システムおよび電子価値流通方法を提供することを目的とするものである。
【００１０】
【課題を解決するための手段】
本発明は、利用者が携帯する利用者端末が、センタとの間で通信し、また、店舗端末との間で通信し、公開鍵署名方法を用い、電子価値を流通させる電子価値流通システムであって、センタに情報を送信し、センタで署名を生成してもらうことによって、耐タンパ装置を必要とせず、また、チャレンジ情報に店舗識別情報を含めることによって、センタとの通信機能を店舗端末に設けなくても、精算することができる電子価値流通システムである。
【００１１】
【発明の実施の形態および実施例】
［第１の実施例］
図１は、本発明の第１の実施例である電子価値流通システム１００の構成を示す図であり、また、その動作を示すフローチャートである。
【００１２】
電子価値流通システム１００は、センタＣ１と、携帯電話機等の利用者端末Ｕ１と、ＰＯＳ端末等の店舗端末Ｐ１とを有し、利用者端末Ｕ１が、パケット通信によって、センタＣ１との間で通信可能であり、しかも、赤外線通信によって、店舗端末Ｐ１との間で通信可能であり、店舗端末Ｐ１に、電子マネーを支払う実施例である。
【００１３】
次に、電子価値流通システム１００の動作について説明する。
【００１４】
利用者が、店舗端末Ｐ１に支払う場合には、次の７つのステップを実行する。
【００１５】
まず、利用者は、携帯電話機等の利用者端末Ｕ１を使用して、店舗端末Ｐ１との間で、赤外線通信手段を用い、通信を確立する（Ｓ１）。このステップＳ１内で、必要であれば、店舗端末Ｐ１を端末認証してもよく、また、利用者端末Ｕ１を端末認証するようにしてもよい。ただし、通常、利用者は、売買行為の相手である店舗端末Ｐ１を目視によって確認しているので、上記端末認証を省略するようにしてもよい。
【００１６】
次に、店舗端末Ｐ１は、当該取引に用いる店舗識別情報として、店舗ＩＤを含むチャレンジ情報を生成し、当該取引の支払金額と上記チャレンジ情報とを含む支払要求情報を、利用者端末Ｕ１に送信する（Ｓ２）。
【００１７】
利用者端末Ｕ１は、パケット通信手段等を用いてセンタＣ１との間で通信を確立する（Ｓ３）。このステップＳ３内で、署名要求情報の一部である利用者認証情報をセンタＣ１に送信し、利用者認証を実行することが可能である。上記利用者認証を行う場合、片側認証方法であれば、共通鍵暗号認証、パスワード認証、ワンタイムパスワード等、公知の方法を用いるようにしてもよい。
【００１８】
利用者端末Ｕ１は、支払金額とチャレンジ情報とを含む署名要求情報をセンタＣ１に送信する（Ｓ４）。なお、ステップＳ３で利用者認証情報をセンタＣ１に送信していなければ、利用者認証情報と支払金額とチャレンジ情報とを含む署名要求情報をセンタＣ１に送信する。
【００１９】
センタＣ１は、上記チャレンジ情報から、店舗を識別し、支払金額が、上記利用者の支払可能残高よりも少ない場合にのみ、支払金額とチャレンジ情報とに対するセンタ秘密鍵による電子署名である支払署名を生成し、上記利用者の支払可能残高を、上記支払金額分、減額し、上記店舗の精算金額を、上記支払金額分、増額し、署名要求応答として支払署名を、利用者端末Ｕ１に送信し、パケット通信を切断する（Ｓ５）。
【００２０】
なお、ステップＳ３において、利用者認証情報をセンタＣ１に送信していなければ、ステップＳ５において、利用者認証情報を用い、利用者認証を行う。
【００２１】
利用者端末Ｕ１は、センタＣ１から受信した署名要求応答を、支払要求応答として、店舗端末Ｐ１に送信する（Ｓ６）。
【００２２】
店舗端末Ｐ１は、利用者端末Ｕ１から受信した支払署名を、センタ公開鍵保持手段Ｍ１に予め保持しているセンタ公開鍵と、利用者端末Ｕ１に送信した支払要求とを用いて、検証し、この検証結果が正しければ、当該取引の支払を正しく受領したと判断し、赤外線通信を切断し、支払処理を完了する。（Ｓ７）。
【００２３】
ここで、署名要求応答と支払要求応答とに、センタ公開鍵の公開鍵証明書を含め、また、上記公開鍵証明書が、上記センタ公開鍵と、上記センタ公開鍵に対する認証機関秘密鍵による電子署名とを含むようにすれば、店舗端末Ｐ１は、センタ公開鍵を持たずに、認証機関公開鍵を持ち、ステップＳ７で、認証機関公開鍵による公開鍵証明書検証を行うことによって、支払署名の正当性を検証することができる。
【００２４】
また、ステップＳ３〜Ｓ５において、利用者端末Ｕ１と店舗端末Ｐ１との間の通信を切断し、ステップＳ６を始める前に、再び通信を確立するようにしてもよい。
【００２５】
すなわち、上記実施例によれば、センタＣ１との通信機能、店舗端末Ｐ１との通信機能を持ち、センタＣ１に情報を送信し、センタＣ１で署名を生成してもらえば、耐タンパ装置を必要としない。また、上記実施例によれば、チャレンジ情報に店舗識別情報を含めることによって、センタＣ１との通信機能を店舗端末Ｐ１に設けなくても、精算することができる。
【００２６】
［第２の実施例］
図２は、本発明の第２の実施例である電子価値流通システム２００の構成を示す図であり、また、電子価値流通システム２００において、利用者端末Ｕ２が、店舗端末Ｐ２の店舗識別情報を予め取得する動作を示すフローチャートである。
【００２７】
電子価値流通システム２００は、センタＣ２と、携帯電話機等の利用者端末Ｕ２と、ＰＯＳ端末等の店舗端末Ｐ２と、店舗ＩＤ保持手段Ｍ２とを有する。
【００２８】
電子価値流通システム２００において、利用者端末Ｕ２は、パケット通信で、センタＣ２と通信可能であり、しかも、赤外線通信で、店舗端末Ｐ２と通信可能であり、店舗端末Ｐ２に対して電子マネー支払を行い、センタＣ２自身がチャレンジ生成装置であり、チャレンジ情報を生成する。
【００２９】
次に、電子価値流通システム２００の動作について説明する。
【００３０】
利用者は、次の４つのステップによって、店舗端末Ｐ２の店舗識別情報を予め取得する。
【００３１】
利用者は、携帯電話機等の利用者端末Ｕ２を使用し、ＰＯＳ端末等の店舗端末Ｐ２との間で、赤外線通信手段を用い、通信を確立する（Ｓ１１）。そして、店舗端末Ｐ２は、利用者端末Ｕ２に、店舗ＩＤ（店舗識別情報）を送信する（Ｓ１２）。
【００３２】
利用者端末Ｕ２は、店舗端末Ｐ２から受信した店舗ＩＤを、店舗ＩＤ保持手段Ｍ２に保持する（Ｓ１３）。そして、利用者端末Ｕ２と店舗端末Ｐ２との間の赤外線通信を切断する（Ｓ１４）。
【００３３】
次に、電子価値流通システム２００において、利用者端末Ｕ２が、店舗端末Ｐ２に支払う場合の動作について説明する。
【００３４】
図３は、電子価値流通システム２００において、利用者端末Ｕ２が、店舗端末Ｐ２に支払う場合の動作を示すフローチャートである。
【００３５】
利用者が店舗端末Ｐ２に支払う場合、次の７つのステップを実行する。まず、利用者は、利用者端末Ｕ２とセンタＣ２との間で、パケット通信手段を用い、通信を確立する（Ｓ２１）。
【００３６】
このステップＳ２１で、署名要求情報の一部である利用者認証情報を、センタＣ２に送信し、利用者認証を実行するようにしてもよい。利用者認証の方法としては、片側認証方法であれば、共通鍵暗号認証、パスワード認証、ワンタイムパスワード等、公知の方法を採用するようにしてもよい。
【００３７】
利用者は、携帯電話機等の利用者端末Ｕ２を操作し、支払金額を決定し、携帯電話番号（利用者認証情報）と、上記支払金額と、店舗ＩＤとを、センタＣ２に送信する（Ｓ２２）。
【００３８】
センタＣ２は、店舗ＩＤを含むチャレンジ情報を生成し、上記携帯電話番号で認証された利用者の支払可能残高が、上記支払金額よりも多い場合にのみ、上記支払金額と上記チャレンジ情報とに対して支払署名を生成し、上記利用者の支払可能残高を、上記支払金額分、減額し、上記店舗ＩＤで識別される店舗の精算金額を、上記支払金額分、増額し、上記支払署名と上記チャレンジ情報とを、署名要求応答として利用者端末Ｕ２に送信する（Ｓ２３）。このステップＳ２３で、センタＣ２は、利用者から減額する金額に手数料を追加し、店舗に増額する金額から手数料を差し引くことによって、手数料収入を得ることも可能である。
【００３９】
利用者端末Ｕ２は、センタＣ２から受信した支払署名とチャレンジ情報とを保持し、センタＣ２とのパケット通信を切断する（Ｓ２４）。
【００４０】
利用者端末Ｕ２は、店舗端末Ｐ２との間で赤外線通信を確立し（Ｓ２５）、保持していた支払署名とチャレンジ情報と支払金額とを、店舗端末Ｐ２に送信する（Ｓ２６）。
【００４１】
店舗端末Ｐ２は、利用者端末Ｕ２から受信した支払署名を、センタ公開鍵保持手段Ｍ３に予め保持しているセンタ公開鍵と、受信した支払金額とチャレンジ情報とを用いて検証し、検証結果が正しければ、当該取引の支払を正しく受領したと判断し、赤外線通信を切断し、支払処理を完了する（Ｓ２７）。
【００４２】
ここで、支払署名とともに、センタ公開鍵の公開鍵証明書を送受信することによって、店舗端末Ｐ２は、センタ公開鍵を持たずに、認証機関公開鍵を持ち、ステップＳ２７で、認証機関公開鍵による公開鍵証明書検証を行うことによって、支払署名の正当性を検証することもできる。
【００４３】
上記実施例によれば、センタと利用者端末と店舗端末とを有し、上記センタにおいて、署名生成処理を行うので、利用者端末に、暗号演算手段や耐タンパ性を必要とせず、また、上記利用者端末として、携帯電話機のようなセンタとの通信手段を持つ端末を利用し、支払金額やチャレンジ情報等の支払要求情報を、センタに送信するので、センタとの通信手段が、店舗端末に無くても、その店舗への精算処理が可能である。
【００４４】
【発明の効果】
請求項１、６記載の発明によれば、利用者端末に、暗号演算手段や耐タンパ性がなくても、センタとの通信手段さえ具備していれば、公開鍵暗号方法を用いた安全性の高い電子価値流通を実現することができるという効果を奏する。
【００４５】
請求項２、７記載の発明によれば、利用者の意思によって、支払金額を決定することができるという効果を奏する。
【００４６】
請求項３、８記載の発明によれば、センタとの通信手段を、店舗端末が備えていなくても、または、オフラインで、支払署名をセンタに還流しなくても、チャレンジ情報に店舗情報を含めれば、店舗への精算を実現することができるという効果を奏する。
【００４７】
請求項４、９記載の発明によれば、店舗端末がチャレンジ生成手段を備えていない場合、店舗用のチャレンジを第三者に生成してもらうことによって、センタとの通信手段を、店舗端末が備えていなくても、または、オフラインで、支払署名をセンタに還流しなくても、チャレンジ情報に店舗情報を含めれば、店舗への精算を実現することができるという効果を奏する。
【００４８】
請求項５、１０記載の発明によれば、複数のセンタが存在する電子価値流通サービスにおいても、店舗端末は、各センタの公開鍵を保持する必要がなく、認証機関公開鍵だけ保持すれば足りるので、新たなセンタの追加時に、店舗端末への鍵配布等の運用が不要であるという効果を奏する。
【図面の簡単な説明】
【図１】本発明の第１の実施例である電子価値流通システム１００の構成を示す図であり、また、その動作を示すフローチャートである。
【図２】本発明の第２の実施例である電子価値流通システム２００の構成を示す図であり、また、電子価値流通システム２００において、利用者端末Ｕ２が、店舗端末Ｐ２の店舗識別情報を予め取得する動作を示すフローチャートである。
【図３】電子価値流通システム２００において、利用者端末Ｕ２が、店舗端末Ｐ２に支払う場合の動作を示すフローチャートである。
【符号の説明】
１００、２００…電子価値流通システム、
Ｃ１、Ｃ２…センタ、
Ｕ１、Ｕ２…利用者端末、
Ｐ１、Ｐ２…店舗端末。[0001]
BACKGROUND OF THE INVENTION
The present invention relates to electronic value distribution paid to a store terminal such as a POS by a portable terminal such as a mobile phone or a PDA. In particular, public key cryptography is performed without performing heavy processing such as encryption processing on the portable terminal. The present invention relates to an electronic value distribution system and an electronic value distribution method that use electronic value distribution with high safety.
[0002]
[Prior art]
Conventionally, an electronic value distribution method using public key cryptography is known (for example, see Non-Patent Document 1).
[0003]
In this conventional method, when a user has a tamper-proof device capable of performing cryptographic operations such as a smart card and a payment partner requests payment, a user secret key held in the smart card is used. Electronic value is distributed by creating a payment signature and verifying the payment signature by the payee.
[0004]
The electronic value distribution method using public key cryptography, unlike the electronic value distribution method using common key cryptography, does not require the private key to be held in the store, and therefore, the risk of secret leakage is low, and the entire system If one of the private keys is leaked or decrypted, the risk of forgery / tampering is limited to the range where the key is used, and therefore more secure. Is a high electronic value distribution method.
[0005]
In electronic value distribution methods using these public key cryptosystems, store terminals that have received payment for electronic value store the payment signature received from the user, and then return the payment signature to the center for validity of the payment signature. If is verified, a considerable amount is settled.
[0006]
[Non-Patent Document 1]
Nikkei Digital Money System "All about Digital Money Latest Technology Development Trends and Prospects for Practical Use" Nikkei Business Publications, pp.118-376, published on October 20, 1997 [0007]
[Problems to be solved by the invention]
In the conventional electronic value distribution method, a special device such as a tamper-proof device capable of performing cryptographic operations, such as a smart card, must be used instead of a widely used terminal device such as a PDA or a mobile phone. However, there is a problem that the cost burden to be distributed by the service provider to the user is large.
[0008]
Further, in the conventional electronic value distribution method, the store terminal cannot receive payment unless it has a means for communicating with the center or carries out a process for returning the payment signature to the center, such as carrying the payment signature to the center offline. There is a problem.
[0009]
The present invention does not require the user terminal to have cryptographic operation means or tamper resistance, and even if the store terminal does not have means for communicating with the center, it is possible to perform settlement processing for the store. An object of the present invention is to provide an electronic value distribution system and an electronic value distribution method.
[0010]
[Means for Solving the Problems]
The present invention is an electronic value distribution system in which a user terminal carried by a user communicates with a center, communicates with a store terminal, and distributes electronic value using a public key signature method. By sending information to the center and having the center generate a signature, no tamper-proof device is required, and by including store identification information in the challenge information, the communication function with the center can be added to the store terminal. This is an electronic value distribution system that can be settled without providing it.
[0011]
BEST MODE FOR CARRYING OUT THE INVENTION
[First embodiment]
FIG. 1 is a diagram showing the configuration of an electronic value distribution system 100 according to the first embodiment of the present invention, and is a flowchart showing its operation.
[0012]
The electronic value distribution system 100 includes a center C1, a user terminal U1 such as a mobile phone, and a store terminal P1 such as a POS terminal. The user terminal U1 communicates with the center C1 by packet communication. This is an embodiment that can be communicated with the store terminal P1 by infrared communication and pays electronic money to the store terminal P1.
[0013]
Next, the operation of the electronic value distribution system 100 will be described.
[0014]
When the user pays to the store terminal P1, the following seven steps are executed.
[0015]
First, the user establishes communication with the store terminal P1 using the infrared communication means using the user terminal U1 such as a mobile phone (S1). Within this step S1, if necessary, the store terminal P1 may be subjected to terminal authentication, and the user terminal U1 may be subjected to terminal authentication. However, since the user normally confirms the store terminal P1 that is the partner of the buying and selling action by visual observation, the terminal authentication may be omitted.
[0016]
Next, the store terminal P1 generates challenge information including a store ID as store identification information used for the transaction, and transmits payment request information including the payment amount of the transaction and the challenge information to the user terminal U1. (S2).
[0017]
The user terminal U1 establishes communication with the center C1 using packet communication means or the like (S3). Within this step S3, user authentication information, which is a part of the signature request information, can be transmitted to the center C1, and user authentication can be executed. When performing the user authentication, a known method such as common key encryption authentication, password authentication, and one-time password may be used as long as it is a one-side authentication method.
[0018]
The user terminal U1 transmits signature request information including the payment amount and challenge information to the center C1 (S4). If the user authentication information is not transmitted to the center C1 in step S3, the signature request information including the user authentication information, the payment amount, and the challenge information is transmitted to the center C1.
[0019]
The center C1 identifies the store from the challenge information, and only when the payment amount is smaller than the payable balance of the user, the center C1 provides a payment signature that is an electronic signature with a center secret key for the payment amount and the challenge information. Generate and reduce the payable balance of the user by the amount of payment, increase the payment amount of the store by the amount of payment, and send a payment signature as a signature request response to the user terminal U1 Then, the packet communication is disconnected (S5).
[0020]
If user authentication information is not transmitted to the center C1 in step S3, user authentication is performed using the user authentication information in step S5.
[0021]
The user terminal U1 transmits the signature request response received from the center C1 to the store terminal P1 as a payment request response (S6).
[0022]
The store terminal P1 verifies the payment signature received from the user terminal U1, using the center public key held in the center public key holding means M1 in advance and the payment request transmitted to the user terminal U1, If the verification result is correct, it is determined that the payment for the transaction has been correctly received, the infrared communication is disconnected, and the payment process is completed. (S7).
[0023]
Here, the signature request response and the payment request response include the public key certificate of the center public key, and the public key certificate includes the center public key and an electronic certificate authority private key for the center public key. If the signature is included, the store terminal P1 does not have the center public key, but has the certification authority public key. In step S7, the store terminal P1 verifies the public key certificate by using the certification authority public key. Can be verified.
[0024]
In steps S3 to S5, communication between the user terminal U1 and the store terminal P1 may be disconnected, and communication may be established again before starting step S6.
[0025]
That is, according to the above-described embodiment, a tamper-proof device is necessary if it has a communication function with the center C1 and a communication function with the store terminal P1, transmits information to the center C1, and generates a signature at the center C1. And not. Moreover, according to the said Example, by including store identification information in challenge information, even if it does not provide a communication function with the center C1 in store terminal P1, it can pay.
[0026]
[Second Embodiment]
FIG. 2 is a diagram illustrating a configuration of an electronic value distribution system 200 according to the second embodiment of the present invention. In the electronic value distribution system 200, the user terminal U2 stores the store identification information of the store terminal P2. It is a flowchart which shows the operation | movement acquired beforehand.
[0027]
The electronic value distribution system 200 includes a center C2, a user terminal U2 such as a mobile phone, a store terminal P2 such as a POS terminal, and a store ID holding unit M2.
[0028]
In the electronic value distribution system 200, the user terminal U2 can communicate with the center C2 by packet communication, and can communicate with the store terminal P2 by infrared communication, and pays electronic money to the store terminal P2. The center C2 itself is a challenge generation device and generates challenge information.
[0029]
Next, the operation of the electronic value distribution system 200 will be described.
[0030]
The user acquires store identification information of the store terminal P2 in advance through the following four steps.
[0031]
The user uses the user terminal U2 such as a mobile phone and establishes communication with the store terminal P2 such as a POS terminal by using infrared communication means (S11). And store terminal P2 transmits store ID (store identification information) to user terminal U2 (S12).
[0032]
The user terminal U2 holds the store ID received from the store terminal P2 in the store ID holding means M2 (S13). And infrared communication between user terminal U2 and store terminal P2 is cut off (S14).
[0033]
Next, the operation when the user terminal U2 pays to the store terminal P2 in the electronic value distribution system 200 will be described.
[0034]
FIG. 3 is a flowchart showing an operation when the user terminal U2 pays to the store terminal P2 in the electronic value distribution system 200.
[0035]
When the user pays to the store terminal P2, the following seven steps are executed. First, the user establishes communication between the user terminal U2 and the center C2 using packet communication means (S21).
[0036]
In this step S21, user authentication information that is a part of the signature request information may be transmitted to the center C2, and user authentication may be executed. As a user authentication method, as long as it is a one-side authentication method, a publicly known method such as common key encryption authentication, password authentication, and one-time password may be adopted.
[0037]
The user operates the user terminal U2 such as a mobile phone, determines the payment amount, and transmits the mobile phone number (user authentication information), the payment amount, and the store ID to the center C2 (S22). ).
[0038]
The center C2 generates challenge information including the store ID, and only when the payable balance of the user authenticated by the mobile phone number is larger than the payment amount, the payment amount and the challenge information are A payment signature is generated, the payable balance of the user is reduced by the amount of payment, the settlement amount of the store identified by the store ID is increased by the amount of payment, and the payment signature and the above The challenge information is transmitted to the user terminal U2 as a signature request response (S23). In step S23, the center C2 can also obtain a fee income by adding a fee to the amount reduced from the user and subtracting the fee from the amount increased to the store.
[0039]
The user terminal U2 holds the payment signature and challenge information received from the center C2, and disconnects the packet communication with the center C2 (S24).
[0040]
The user terminal U2 establishes infrared communication with the store terminal P2 (S25), and transmits the held payment signature, challenge information, and payment amount to the store terminal P2 (S26).
[0041]
The store terminal P2 verifies the payment signature received from the user terminal U2 using the center public key held in the center public key holding means M3 in advance, the received payment amount and the challenge information, and the verification result is If it is correct, it is determined that the payment for the transaction has been correctly received, the infrared communication is disconnected, and the payment process is completed (S27).
[0042]
Here, by transmitting and receiving the public key certificate of the center public key together with the payment signature, the store terminal P2 has the certification authority public key without having the center public key, and uses the certification authority public key in step S27. The validity of the payment signature can be verified by performing public key certificate verification.
[0043]
According to the above embodiment, the center has a user terminal and a store terminal, and since the signature generation processing is performed in the center, the user terminal does not require cryptographic operation means and tamper resistance, and Since the terminal having communication means with the center such as a mobile phone is used as the user terminal and payment request information such as payment amount and challenge information is transmitted to the center, the communication means with the center is a store terminal. Even if it does not exist, it is possible to perform a settlement process for the store.
[0044]
【The invention's effect】
According to the first and sixth aspects of the present invention, even if the user terminal does not have cryptographic operation means or tamper resistance, it has security means using the public key encryption method as long as it has communication means with the center. High electronic value distribution can be realized.
[0045]
According to invention of Claim 2, 7, there exists an effect that the payment amount can be determined by a user's intention.
[0046]
According to the third and eighth aspects of the present invention, the store information is added to the challenge information even if the store terminal does not have a means for communicating with the center, or even if the payment signature is not returned to the center offline. If it is included, it is possible to realize the settlement to the store.
[0047]
According to invention of Claim 4, 9, when a store terminal is not provided with the challenge production | generation means, a store terminal has a communication means with a center by having a third party generate the challenge for stores. Even if it is not provided or even if the payment signature is not returned to the center offline, if the store information is included in the challenge information, the settlement to the store can be realized.
[0048]
According to the fifth and tenth aspects of the invention, even in an electronic value distribution service in which a plurality of centers exist, the store terminal does not need to hold the public key of each center, and only needs to hold the certification authority public key. Therefore, when adding a new center, there is an effect that operation such as key distribution to the store terminal is unnecessary.
[Brief description of the drawings]
FIG. 1 is a diagram showing a configuration of an electronic value distribution system 100 according to a first embodiment of the present invention, and a flowchart showing its operation.
FIG. 2 is a diagram illustrating a configuration of an electronic value distribution system 200 according to a second embodiment of the present invention. In the electronic value distribution system 200, a user terminal U2 stores store identification information of the store terminal P2. It is a flowchart which shows the operation | movement acquired beforehand.
FIG. 3 is a flowchart showing an operation when a user terminal U2 pays to a store terminal P2 in the electronic value distribution system 200.
[Explanation of symbols]
100, 200 ... Electronic value distribution system,
C1, C2 ... center,
U1, U2 ... user terminal,
P1, P2 ... Store terminals.

Claims

A user terminal carried by a user communicates with a center, communicates with a store terminal, and uses an public key signature method to distribute electronic value.
The user terminal has user authentication information presenting means for presenting user authentication information,
The center includes user authentication means for authenticating a user with the user authentication information, payment signature generation means for generating a payment signature that is an electronic signature for the payment amount and challenge information received from the user terminal, User balance management means for holding the user's payable balance for each user and generating the payment signature in response to a request from the user, reducing the payable balance of the user by the amount of payment. And
The store terminal includes: challenge generation means for generating challenge information; payment request means for transmitting payment request information including a payment amount and challenge information to the user terminal; a center public key holding means; a payment amount; Payment signature verification means for verifying the payment signature received from the user terminal using the challenge information and the held center public key,
When the user terminal pays the store terminal,
The store terminal transmits payment request information including the payment amount of the transaction and challenge information generated for the transaction to the user terminal,
When the user terminal receives payment request information from the store terminal, the user terminal transmits signature request information including the user authentication information, the payment amount, and the challenge information to the center.
When the center receives the signature request information, the center authenticates the user using the user authentication information, and the payment amount and the payment amount only when the payment amount is smaller than the payable balance of the user. A payment signature which is an electronic signature for the challenge information is generated, the payable balance of the user is reduced by the payment amount, and a signature request response including the payment signature is transmitted to the user terminal,
Upon receiving the signature request response from the center, the user terminal transmits a payment request response including the payment signature received from the center to the store terminal,
When the store terminal receives a payment request response from the user terminal, it verifies the payment signature using the payment amount, the challenge information, and the held center public key. An electronic value distribution system characterized by completing payment processing.

A user terminal carried by a user communicates with a center, communicates with a store terminal, and uses an public key signature method to distribute electronic value.
The user terminal has user authentication information presenting means for presenting user authentication information,
The center includes user authentication means for authenticating a user with user authentication information, payment signature generation means for generating a payment signature that is an electronic signature for the payment amount and challenge information received from the user terminal, The user's payable balance is held for each user, and when a payment signature is generated in response to a request from the user, user balance management means for reducing the user's payable balance by the amount of payment. Have
The store terminal receives challenge generation means for generating challenge information, payment request means for transmitting payment request information including challenge information to the user terminal, center public key holding means, and reception from the user terminal. A payment signature verification means for verifying the payment signature using the challenge information, the held center public key and the payment amount received simultaneously with the payment signature,
When the user terminal pays the store terminal,
The store terminal transmits payment request information including challenge information generated for the transaction to the user terminal,
When the user terminal receives payment request information from the store terminal, the user terminal transmits signature request information including user authentication information, a payment amount determined by the user, and the challenge information to the center,
When the center receives the signature request information, the center authenticates the user using the user authentication information, and the payment amount and the challenge information only when the payment amount is smaller than the payable balance of the user. A payment signature that is an electronic signature for the user, the payment balance of the user is reduced by the payment amount, and a signature request response including the payment signature is transmitted to the user terminal,
When the user terminal receives the signature request response from the center, the user terminal transmits a payment request response including the payment amount and the payment signature received from the center to the store terminal,
Upon receipt of the payment request response from the user terminal, the store terminal verifies the payment signature using the payment amount, the challenge information, and the center public key held, and if the verification is successful, An electronic value distribution system characterized by completing processing.

In claim 1 or claim 2,
The challenge information includes store identification information for identifying the store terminal,
The center has store terminal identification means for identifying the store terminal from the store identification information included in the challenge information, and a settlement amount management means for managing the settlement amount for each store,
In addition to the above processes, when the center receives the signature request information, the center identifies the store terminal from the store identification information included in the challenge information, and determines the payable balance of the user as the payment amount. An electronic value distribution system characterized by increasing the payment amount of the store by the payment amount when the amount is reduced.

The challenge generation device communicates with the user terminal, communicates with the center, and the user terminal carried by the user communicates with the center, and with the store terminal. An electronic value distribution system for distributing electronic value using a public key signature method,
The user terminal includes store identification information holding means for holding store identification information presented from the store terminal, and user authentication information presentation means for presenting user authentication information.
The challenge generation device includes challenge generation means for generating challenge information including store identification information received from the user terminal,
The center receives user authentication means for authenticating the user with the user authentication information, store terminal identification means for identifying the store terminal from the store identification information included in the challenge information, and the challenge generation device. A payment signature generating means for generating a payment signature that is an electronic signature for the payment amount and the challenge information, and for each user, the payable balance of the user is held, and the payment signature is made in response to a request from the user A user balance management means for reducing the payable balance of the user by the payment amount, and a settlement amount management means for managing the settlement amount for each store,
The store terminal includes a store identification information presenting means for presenting store identification information on the user terminal, a center public key holding means, a payment amount determined in advance by the user at the user terminal, or the transaction. Payment signature verification means for verifying the payment signature received from the user terminal using the payment amount passed from the store terminal and challenge information and the center public key held;
When the user terminal pays the store terminal,
The store terminal transmits store identification information to the user terminal in advance or at the time of the transaction,
The user terminal retains the store identification information received from the store terminal, and the payment amount previously determined by the user at the user terminal or the payment amount received from the store terminal during the transaction and the user Send challenge request information including authentication information and the store identification information to the challenge generation device,
Upon receiving the challenge request information, the challenge generation device generates challenge information including the store identification information, and transmits signature request information including the user authentication information, the payment amount, and the challenge information to the center. And
Upon receiving the signature request information, the center authenticates the user using the user authentication information, identifies the store terminal from the store identification information included in the challenge information, and the payment amount is the use amount Only when it is smaller than the payable balance of the user, a payment signature that is an electronic signature for the payment amount and the challenge information is generated, the payable balance of the user is reduced by the payment amount, and the store's The settlement amount is increased by the amount of payment, and a signature request response including the payment signature and the challenge information is sent to the user terminal,
Upon receiving the signature request response, the user terminal transmits a payment request response including the payment amount, the payment signature received from the center, and the challenge information to the store terminal,
When the store terminal receives a payment request response from the user terminal, the store terminal verifies the payment signature using the payment amount, the challenge information, and the held center public key. An electronic value distribution system characterized by completing processing.

In any one of Claims 1-4,
The center has certificate holding means for holding the center key certificate which is an electronic signature by a certification authority for information including the center public key,
The store terminal has a certification authority public key holding means for holding a certification authority public key, and a certificate verification means for verifying the center key certificate with the certification authority public key,
The center sends the held center key certificate together with the payment signature in the signature request response to the user terminal,
When the user terminal receives the center key certificate together with the payment signature, the user terminal transmits the center key certificate together with the payment signature to the store terminal included in the payment request response,
When the store terminal receives the payment request response including the center key certificate, the store terminal verifies the center key certificate using the held certification authority public key, and if the verification passes, the store terminal includes the center key certificate. An electronic value distribution system, wherein the center public key is held in the center public key holding means.

A user terminal carried by a user communicates with a center, communicates with a store terminal, and uses an public key signature method to distribute electronic value.
When the user terminal pays the store terminal,
The store terminal transmitting payment request information including the payment amount of the transaction and challenge information generated for the transaction to the user terminal;
When the user terminal receives payment request information from the store terminal, the user terminal transmits signature request information including the user authentication information, the payment amount, and the challenge information to the center;
When the center receives the signature request information, the user authentication information is used to authenticate the user, and the payment amount and the challenge only when the payment amount is smaller than the user's payable balance. Generating a payment signature which is an electronic signature for the information, reducing the payable balance of the user by the payment amount, and sending a signature request response including the payment signature to the user terminal;
When the user terminal receives a signature request response from the center, a payment request response including the payment signature received from the center is transmitted to the store terminal;
When the store terminal receives a payment request response from the user terminal, the payment signature is verified using the payment amount, the challenge information, and the held center public key, and if the verification is successful, Completing the payment process;
An electronic value distribution method characterized by comprising:

A user terminal carried by a user communicates with a center, communicates with a store terminal, and uses an public key signature method to distribute electronic value.
When the user terminal pays the store terminal,
The store terminal transmitting payment request information including challenge information generated for the transaction to the user terminal;
When the user terminal receives payment request information from the store terminal, the user terminal transmits signature request information including user authentication information, a payment amount determined by the user, and the challenge information to the center;
When the center receives the signature request information, it authenticates the user using the user authentication information, and the payment amount and the challenge information only when the payment amount is smaller than the payable balance of the user. Generating a payment signature which is an electronic signature for the user, reducing the payable balance of the user by the payment amount, and sending a signature request response including the payment signature to the user terminal;
When the user terminal receives a signature request response from the center, transmits a payment request response including the payment amount and the payment signature received from the center to the store terminal;
When the store terminal receives a payment request response from the user terminal, the payment signature is verified using the payment amount, the challenge information, and the held center public key. Completing the steps;
An electronic value distribution method characterized by comprising:

In claim 6 or claim 7,
The challenge information includes store identification information for identifying the store terminal,
In addition to the above processes, when the center receives the signature request information, the store terminal is identified from the store identification information included in the challenge information, and the payable balance of the user is calculated according to the payment amount. An electronic value distribution method comprising the step of increasing the payment amount of the store by the payment amount when the amount is reduced.

The challenge generation device communicates with the user terminal, communicates with the center, and the user terminal carried by the user communicates with the center, and with the store terminal. Is an electronic value distribution method for distributing electronic value using a public key signature method,
When the user terminal pays the store terminal,
The store terminal transmitting store identification information to the user terminal in advance or at the time of the transaction;
The user terminal holds the store identification information received from the store terminal, and the user pays the payment amount determined in advance by the user terminal or the payment amount received from the store terminal during the transaction and the user. Transmitting challenge request information including authentication information and the store identification information to the challenge generation device;
When the challenge generation device receives the challenge request information, the challenge generation device generates challenge information including the store identification information, and transmits signature request information including the user authentication information, the payment amount, and the challenge information to the center. Stages;
When the center receives the signature request information, the user authentication information is used to authenticate the user, the store terminal is identified from the store identification information included in the challenge information, and the payment amount is the use amount. Only when it is smaller than the payable balance of the user, a payment signature that is an electronic signature for the payment amount and the challenge information is generated, the payable balance of the user is reduced by the payment amount, and the store's Increasing the settlement amount by the payment amount and sending a signature request response including the payment signature and the challenge information to the user terminal;
When the user terminal receives the signature request response, a payment request response including the payment amount, the payment signature received from the center, and the challenge information is transmitted to the store terminal;
When the store terminal receives a payment request response from the user terminal, it verifies the payment signature using the payment amount, the challenge information, and the held center public key. Completing the steps;
An electronic value distribution method characterized by comprising:

In any one of Claims 6-9,
The center transmitting a center key certificate, which is an electronic signature by a certification authority for information including the center public key, to the user terminal together with the payment signature;
When the user terminal receives the center key certificate together with the payment signature, includes the center key certificate together with the payment signature in the payment request response and transmits it to the store terminal;
When the store terminal receives a payment request response including the center key certificate, the store terminal verifies the center key certificate using the held certification authority public key, and if the verification passes, it is included in the center key certificate. Holding the center public key in the center public key holding stage;
An electronic value distribution method characterized by comprising: