JP4448167B2 - Communication device, remote server and terminal device - Google Patents

Description

The present invention relates to a communication device, a remote server, and a terminal device.

  Generally, an ATM of a financial institution that operates with a card and a personal identification number such as a magnetic card or an IC card can perform a balance inquiry, an account transfer, a transfer, etc. in addition to a cash deposit / withdrawal. Recently, not only from ATMs set up by financial institutions, but also from terminal devices and mobile terminals connected to the network, it has performed balance inquiry, account transfer, and transfer processing for accounts established in financial institutions. I was able to do that. Normally, when these processes are performed via a network, a dedicated user ID and password for performing transactions via the network are required. Further, there is a case where the financial institution provides the user with a second and third personal identification number different from the personal identification number of the card for identity verification. Dedicated user IDs and passwords via the network, and the second and third passwords are stored and managed individually in each financial institution's system, and these authentication information includes the card number operated by the ATM and the card password. It is issued separately. The user can make a transaction via the network by logging in using the authentication information necessary for each financial institution.

  Cards that can be traded using ATM have a standardized data format so that they can be read and written in common by ATMs of financial institutions. However, a system such as a user ID and an authentication system in the case of performing a transaction via a network terminal as described above have not been unified for each financial institution. In this case, even in the case of access to the same account and transaction processing, an authentication system must be developed twice for transactions using ATM and transactions performed via a network. Furthermore, a user who has an account at a plurality of financial institutions not only memorizes the card PIN for each of the plurality of account numbers, but also when accessing via a network terminal, a different user ID, password, etc. It was inconvenient because you had to trade with.

  By the way, in recent years, it has been realized that a card number or the like is written on a non-contact IC chip mounted on a mobile phone and is read from a reading terminal device such as an ATM. A non-contact IC chip can store a plurality of pieces of financial card information (for example, Patent Document 1). For example, as financial card information, cash card information, loan card information, and credit card information of each financial institution may be recorded. Thus, while it is possible to manage a plurality of financial card information in a single contactless IC chip, it is necessary to set a separate encryption key for each financial card information and manage it safely. is there.

  If a non-contact IC chip is mounted on a mobile phone having a function as a network terminal, card information can be written into the non-contact IC chip, and transactions can be made via the network based on the written card information. . If the card information written in the non-contact IC chip is encrypted with an individual encryption key for each card information, and the user can trade on the network using the encrypted card information, the user ID is different for each financial institution. The inconvenience of having to remember passwords and passwords can be eliminated.

JP 7-334590 A

  However, when encrypting the card information to be written to the non-contact IC chip with an individual encryption key, an encryption key for encrypting the card information is issued for each financial institution issuing the card, or the encrypted card There was a problem that an authentication system for decrypting information and performing card authentication had to be constructed. Further, since each card information written in the non-contact IC chip is authenticated for each financial institution, there is a problem that it takes a processing time for the authentication.

Therefore, the present invention has been made in view of the above problems, and the object of the present invention is to eliminate the need to construct an authentication system for each financial institution, and to authenticate with a user ID and password dedicated via a network terminal. It is an object of the present invention to provide a new and improved communication device, remote server, and terminal device capable of authenticating card information via a network terminal without performing the above.

  In order to solve the above-described problem, according to one aspect of the present invention, a communication device equipped with an IC chip that can be connected to a financial institution server and a remote server via a network, and issues a card to the financial institution server. A card issuing request unit for requesting, a card information writing request unit for receiving card information of a card issued by a financial institution server in response to a request from the card issuing request unit, and requesting a remote server to write the card information; The card information for each card issued by the institution server is recorded, the individual area that can be accessed using a unique individual encryption key set for each card information, and the individual area identification for identifying the individual area Numbers and individual encryption keys for each individual area are recorded and accessed using the shared encryption key recorded on the remote server There is provided a communication device including a storage unit having a shared area that can be used.

  According to this configuration, the card is issued by the financial institution server in response to the card issuance request of the communication device, and the card information of the issued card is written to the IC chip by the remote server. The storage unit includes a shared area and an individual area. The encrypted card information is written in the individual area, and the identification information of the individual area and the individual encryption key are written in the shared area. The shared area is an area that serves as an index area for searching for individual areas. As a result, the card information written in the IC chip of the communication device can be accessed and acquired only by the remote server, and the security of the card information written in the IC chip is increased.

  Further, the financial institution only transmits the card information of the issued card to the communication device, and there is no need to construct an encryption system for encrypting the card information or a writing system for writing to the IC chip. Also, since the card information is written in the IC chip of the communication device, it is possible to save the trouble of issuing the card at the printing company and mailing it to the user's hand. This eliminates the need to have multiple different cards each time.

  Further, the remote server writes the encrypted card information in the individual area in response to a request from the card information write request unit, and encrypts the individual area identification number for identifying the individual area in the shared area and the individual area. An individual encryption key may be written. The shared area may be created in advance by the remote server, and the individual area may be created for each piece of card information by the remote server when requested by the card information write request unit. According to such a configuration, a shared area is created in advance in the IC card of the communication device by the remote server, and the individual area identification number and the individual encryption key are written in the shared area. As a result, only the remote server having the shared encryption key can be accessed in the shared area, and only the remote server that can acquire the individual encryption key can be accessed in the individual area.

  In the shared area, individual area search information for searching for an individual area may be recorded, and the individual area search information may be recorded in association with an individual area identification number, a financial institution type, and a card name. With this configuration, it is possible to obtain a structure in which an individual area can be searched from information recorded in the shared area.

  The remote server may encrypt the card information and give an electronic signature in response to a request from the card information write request unit. With this configuration, the security of card information can be further increased. The IC chip may be an IC chip capable of contact communication or non-contact communication. The shared area and the individual area may be recorded on an IC chip mounted on the communication device.

  In order to solve the above problems, according to another aspect of the present invention, there is provided a communication device equipped with an IC chip that can be connected to a financial institution server and a remote server via a network, and is issued by the financial institution server. The card information for each card is recorded and can be accessed using a unique individual encryption key set for each card information, the individual area identification number for identifying the individual area and the individual area And a shared area that can be accessed using the shared encryption key recorded in the remote server, and the remote server decrypts the individual area recorded in the storage unit. Card information authentication requesting section that requests authentication of card information through authentication, and card information of individual areas decrypted by the remote server A credit card information receiving unit, a password input unit that accepts input of a password corresponding to the card information, card information received by the card information receiving unit, and a password entered by the password input unit. There is provided a communication device including a card information transmitting unit that transmits to a server and an authentication result receiving unit that receives an authentication result of card information and a password from a financial institution server.

  According to this configuration, the card information is acquired from the shared area and the individual area recorded in the storage unit of the IC chip by the remote server in response to the card information authentication request of the communication device. Then, the card information acquired by the remote server is transmitted to the communication device. The communication device transmits the transmitted card information and the password entered by the user to the financial institution server. Then, the communication device receives the authentication result of the card information and the password from the financial institution server.

  As a result, the card information written in the IC chip of the communication device can be obtained only by the remote server having the shared encryption key for decrypting the shared area, and the security of the card information written in the communication device is improved. be able to. Further, since the card information written in the IC chip is decrypted by the remote server, it is not necessary for each financial institution to construct a system for decrypting the encrypted card information. Furthermore, since the user only inputs the personal identification number corresponding to the card information, that is, the personal identification number of the cash card, the user can make a transaction via the network in the same manner as a financial transaction using a normal ATM. That is, it is possible to conduct a financial transaction via the network without a dedicated user ID or password for performing the transaction via the network.

  The remote server acquires the individual area identification number and the individual encryption key of the individual area associated with the card information requested by the card information authentication request unit, and decrypts the individual area with the acquired individual encryption key. You may do it. The remote server may transmit the card information of the individual area to the communication device when the individual area can be correctly decrypted with the individual encryption key. With this configuration, the shared area can be accessed only by a remote server having a shared encryption key, and the individual area can be accessed only by a remote server that can acquire the individual encryption key.

  The financial institution server may authenticate whether the card information transmitted by the communication device and the personal identification number are a correct combination. The IC chip may be an IC chip capable of contact communication or non-contact communication. The shared area and the individual area may be recorded on an IC chip mounted on the communication device.

  In order to solve the above problems, according to another aspect of the present invention, there is provided a remote server that can be connected to a communication device and a financial institution server equipped with an IC chip via a network. The card information for each card issued by the server is recorded, the individual area that can be accessed using the unique encryption key set for each card information, and the individual area identification number for identifying the individual area And a shared area in which the individual encryption key for each individual area is recorded and accessible using the shared encryption key recorded in the remote server, and the storage unit included in the communication device A storage unit storing a shared encryption key used to access a shared area of the communication device and a financial institution server from a communication device An encryption unit that encrypts card information transmitted from the communication device in response to a card information write request of the card to be executed, and an individual storage unit provided in the communication device with the card information encrypted by the encryption unit An individual area writing unit for writing to the area, an individual area identification number of the individual area written by the individual area writing unit, and a shared area writing unit for writing the individual encryption key of the individual area to the shared area of the storage unit included in the communication device, A remote server is provided.

  According to this configuration, the remote server encrypts the card information transmitted from the communication device in response to the card information write request from the communication device, and the communication device includes the encrypted card information. The individual area identification number and the individual encryption key are written in the shared area. As a result, the card information written in the IC chip of the communication device can be accessed and acquired only by the remote server, and the security of the card information written in the IC chip can be improved.

  Further, the financial institution only transmits the card information of the issued card to the communication device, and there is no need to construct an encryption system for encrypting the card information or a writing system for writing to the IC chip. Also, since the card information is written in the IC chip of the communication device, it is possible to save the trouble of issuing the card at the printing company and mailing it to the user's hand. This eliminates the need to have multiple different cards each time.

  Further, a shared area creation unit may be provided for creating a shared area when no shared area is created in the IC chip of the communication device. The shared area may create the shared area of the communication device when the communication device requests writing of the card information, or the shared area may be created in advance before the writing is requested. May be.

  In order to solve the above problems, according to another aspect of the present invention, there is provided a remote server that can be connected to a communication device and a financial institution server equipped with an IC chip via a network. The card information for each card issued by the server is recorded, the individual area that can be accessed using a unique individual encryption key set for each card information, and the individual area identification number for identifying the individual area And a shared area in which the individual encryption key for each individual area is recorded and accessible using the shared encryption key recorded in the remote server, and the storage unit provided in the communication device A storage unit in which a shared encryption key used to access the shared area is recorded and a card information authentication request from a communication device. Next, the shared area recorded in the storage unit of the communication device, the area reading unit that reads the individual area corresponding to the card information requested to be authenticated by the communication device, and the individual area by decrypting the shared area with the shared encryption key A card information acquisition unit that acquires the card information acquired by the card information, decrypts the individual area with the encryption key of the individual area and acquires the card information included in the individual area, and transmits the card information acquired by the card information acquisition unit to the communication device A remote server comprising a card information transmitting unit for performing the operation.

  According to this configuration, the remote server reads the shared area and the individual area in response to the card information authentication request from the communication device. Then, the shared area is decrypted with the shared encryption key recorded in the remote server, the card information included in the individual area is acquired, and the card information is transmitted to the communication device. As a result, the card information written in the IC chip of the communication device can be obtained only by the remote server having the shared encryption key for decrypting the shared area, and the security of the card information written in the communication device is improved. be able to. Further, since the card information written in the IC chip is decrypted by the remote server, it is not necessary for each financial institution to construct a system for decrypting the encrypted card information. Furthermore, since the user only inputs the personal identification number corresponding to the card information, that is, the personal identification number of the cash card, the user can make a transaction via the network in the same manner as a financial transaction using a normal ATM. That is, it is possible to conduct a financial transaction via the network without a dedicated user ID or password for performing the transaction via the network.

  In order to solve the above problems, according to another aspect of the present invention, non-contact communication is possible via a communication device and a reader / writer equipped with a non-contact IC chip, and a financial institution server, a remote server, and a network are connected. A terminal device that can be connected via the card, the card information for each card issued by the financial institution server is recorded in the communication device, and accessed using a unique individual encryption key set for each card information Area that can be accessed, an individual area identification number for identifying the individual area, and an individual encryption key for each individual area, and can be accessed using the shared encryption key recorded in the remote server A card issuing request unit that requests the financial institution server to issue a card in response to a user input, and a card A card information write request unit that receives a card and information issued by a financial institution server in response to a request from the issue request unit, and requests the remote server to write the card information. The encrypted card information is written to the individual area of the communication device via the writer, and the individual area identification number for identifying the individual area and the individual encryption key for encrypting the individual area are stored in the common area of the communication device. A terminal device is provided which is written.

  According to this configuration, the card is issued by the financial institution server in response to the card issue request of the terminal device, and the card information of the card issued by the remote server is written to the non-contact IC chip. The storage unit of the non-contact IC chip has a shared area and an individual area. The encrypted card information is written in the individual area, and the identification information and the individual encryption key of the individual area are written in the shared area. As a result, the card information written in the non-contact IC chip of the communication device can be accessed and acquired only by the remote server, and the security of the card information written in the non-contact IC chip can be improved. it can.

  Further, since the terminal device makes a card issuance request or a card information write request, the communication device only needs to be equipped with a non-contact IC chip, and the communication device can be a simple device. Furthermore, since the terminal device has a reader / writer capable of non-contact communication and can be connected to a network, even if the terminal device is not installed in a store such as a financial institution, a user's PC or home appliance Etc. can be applied. That is, even if the device does not have a dedicated function of the terminal device, the function of the terminal device can be installed and used in a device having another function.

  In order to solve the above problems, according to another aspect of the present invention, non-contact communication is possible via a communication device and a reader / writer equipped with a non-contact IC chip, and a financial institution server, a remote server, and a network are connected. A terminal device that can be connected to the communication device, in which the card information for each card issued by the financial institution server is recorded and accessed using a unique individual encryption key set for each card information Area that can be accessed, the individual area identification number for identifying the individual area and the individual encryption key for each individual area are recorded and can be accessed using the shared encryption key recorded in the remote server And a storage unit that has A card information authentication requesting unit for requesting authentication of the received information, a card information receiving unit for receiving the card information of the individual area decrypted by using the shared encryption key by the remote server, and an input of a personal identification number corresponding to the card information A card number input unit that receives the card information, a card information received by the card information receiving unit, a card information transmission unit that transmits the password entered by the code number input unit to the financial institution server, and card information from the financial institution server. And an authentication result receiving unit that receives an authentication result of the personal identification number and the personal identification number.

  According to this configuration, the card information is acquired from the shared area and the individual area recorded in the storage unit of the non-contact IC chip by the remote server in response to the card information authentication request of the terminal device. Then, the card information acquired by the remote server is transmitted to the terminal device. The terminal device transmits the transmitted card information and the password entered by the user to the financial institution server. The financial institution server authenticates the card information from the card information and the password, and transmits an authentication result to the terminal device.

  Only the remote server having the shared encryption key for decrypting the shared area can be acquired from the card information written in the contactless IC chip of the communication device, and the security of the card information written in the communication device is increased. . Further, since the card information written in the non-contact IC chip is decrypted by the remote server, it is not necessary for each financial institution to construct a system for decrypting the encrypted card information. Furthermore, since the user only inputs the personal identification number corresponding to the card information, that is, the personal identification number of the cash card, the user can perform transactions via the network in the same manner as a financial transaction using a normal ATM. In other words, financial transactions can be made via the network without a dedicated user ID or password for making transactions via the network.

  In order to solve the above problems, according to another aspect of the present invention, a financial card issuing system including a communication device equipped with an IC chip, and a financial institution server and a remote server connectable to the communication device via a network Is provided. The financial institution server includes a card information transmission unit that transmits card information of a card to be issued to the communication device in response to a card issuance request from the communication device.

  The communication device includes a card issuance request unit that requests the financial institution server to issue a card, a card information write request unit that receives the card information transmitted from the financial institution server and requests the remote server to write the card information, An individual area for identifying the individual area that can be accessed using a unique individual encryption key set for each card information, in which card information issued for each card issued by the financial institution server is recorded. A storage unit having a shared area in which an identification number and an individual encryption key for each individual area are recorded and accessible using the shared encryption key recorded in the remote server.

  The remote server is transmitted from the communication device in response to the storage unit storing the shared encryption key used for accessing the shared area of the storage unit included in the communication device and the card information write request from the communication device. An encryption unit for encrypting the card information, an individual area writing unit for writing the card information encrypted by the encryption unit to an individual area of the storage unit included in the communication device, and an individual area written by the individual area writing unit. A shared area writing unit that writes an individual area identification number and an individual encryption key of the individual area into a shared area of a storage unit included in the communication device.

  In order to solve the above problems, according to another aspect of the present invention, a financial card authentication system including a communication device equipped with an IC chip, and a financial institution server and a remote server connectable to the communication device via a network Is provided. The communication device records the card information for each card issued by the financial institution server, and identifies the individual area and individual area that can be accessed using a unique individual encryption key set for each card information. A storage unit having a shared area in which an individual area identification number and an individual encryption key for each individual area are recorded and accessible using the shared encryption key recorded in the remote server; and A card information authentication request unit for requesting authentication of card information by decrypting the individual area recorded in the storage unit, and card information for receiving the card information of the individual area decrypted by using a shared encryption key by the remote server A receiver, a password input unit for receiving an input of a password corresponding to the card information, and a card received by the card information receiver. A card information transmission unit that transmits information and a password entered by the password input unit to the financial institution server, and an authentication result reception unit that receives an authentication result of the card information and the password from the financial institution server. Prepare.

  The remote server includes a storage unit in which a shared encryption key used to access a shared area of a storage unit included in the communication device is recorded, and a storage unit of the communication device in response to an authentication request for card information from the communication device The shared area recorded in the area, the area reading unit that reads the individual area corresponding to the card information requested to be authenticated by the communication device, and the shared area is decrypted with the shared encryption key to obtain the encryption key of the individual area A card information acquisition unit that decrypts the individual area with the encryption key of the area and acquires card information included in the individual area, and a card information transmission unit that transmits the card information acquired by the card information acquisition unit to the communication device. The financial institution server authenticates the card information based on the card information and the password transmitted from the communication device. Includes a card information authentication unit that, a.

  In order to solve the above problems, according to another aspect of the present invention, a communication device equipped with a non-contact IC chip, a terminal device capable of non-contact communication via a reader / writer, a terminal device, and a network A financial card authentication system including a connectable financial institution server and a remote server is provided. The financial institution server includes a card information transmission unit that transmits card information of a card to be issued to the communication device in response to a card issuance request from the communication device. The communication device records the card information for each card issued by the financial institution server, and identifies the individual area and individual area that can be accessed using a unique individual encryption key set for each card information. A storage unit having a shared area in which an individual area identification number and an individual encryption key for each individual area are recorded and accessible using the shared encryption key recorded in the remote server.

  In response to a user input, the terminal device receives a card issuance request unit that requests the financial institution server to issue a card and the card information transmitted from the financial institution server, and requests the remote server to write the card information. A card information write request unit. The remote server is transmitted from the terminal device in response to a storage unit storing a shared encryption key used for accessing a shared area of the storage unit included in the communication device and a card information write request from the terminal device. An encryption unit that encrypts card information, an individual area writing unit that writes the card information encrypted by the encryption unit to an individual area of a storage unit included in the communication device via a reader / writer, and an individual area writing unit And a shared area writing unit that writes the individual area identification number of the individual area written in the above and the individual encryption key of the individual area into the shared area of the storage unit included in the communication device.

  In order to solve the above problems, according to another aspect of the present invention, a communication device equipped with a non-contact IC chip, a terminal device capable of non-contact communication via a reader / writer, a terminal device, and a network A financial card authentication system including a connectable financial institution server and a remote server is provided. The communication device records the card information for each card issued by the financial institution server, and identifies the individual area and individual area that can be accessed using a unique individual encryption key set for each card information. A storage unit having a shared area in which an individual area identification number and an individual encryption key for each individual area are recorded and accessible using the shared encryption key recorded in the remote server.

  The terminal device uses a shared encryption key by a remote server and a card information authentication request unit that requests authentication of card information by decrypting an individual area recorded in a storage unit included in the communication device. A card information receiving unit that receives the card information of the individual area, a password input unit that receives an input of a password corresponding to the card information, card information received by the card information receiving unit, and a password input unit A card information transmitting unit that transmits the input personal identification number to the financial institution server; and an authentication result receiving unit that receives an authentication result of the card information and the personal identification number from the financial institution server.

  The remote server includes a storage unit storing a shared encryption key used for accessing a shared area of the storage unit included in the communication device, and a reader / writer in response to an authentication request for card information from the terminal device. A shared area recorded in a storage unit included in the communication device, an area reading unit that reads an individual area corresponding to card information requested to be authenticated by the terminal device, and an individual area by decrypting the shared area with a shared encryption key A card information acquisition unit that acquires the card information contained in the individual area by decrypting the individual area with the encryption key of the individual area, and transmits the card information acquired by the card information acquisition unit to the terminal device A card information transmission unit. The said financial institution server is provided with the card information authentication part which authenticates card information based on the card information and PIN which were transmitted from the terminal device.

  In order to solve the above problems, according to another aspect of the present invention, a communication device equipped with an IC chip, which can connect a computer to a financial institution server and a remote server via a network, the financial institution server Card issuance request unit for requesting card issuance to the card, and a card information write request for receiving the card information of the card issued by the financial institution server in response to a request from the card issuance request unit and requesting the remote server to write the card information Information is recorded for each card issued by the financial institution server, and the individual area that can be accessed using the unique individual encryption key set for each card information, and the individual area The individual area identification number and the individual encryption key for each individual area are recorded, and the shared encryption key recorded on the remote server is To function as a communication device comprising a storage unit, a having a common area that can be accessed have the program is provided.

  In order to solve the above-described problem, according to another aspect of the present invention, a communication device equipped with an IC chip that can connect a computer to a financial institution server and a remote server via a network, the financial institution server The card information for each card issued by is recorded, an individual area that can be accessed using a unique individual encryption key set for each card information, an individual area identification number for identifying the individual area, and An individual encryption key for each individual area is recorded, and a shared area that can be accessed using a shared encryption key recorded on the remote server, and a remote server and an individual recorded in the storage unit A card information authentication request unit that requests authentication of card information by decrypting the area, and an individual area decrypted by the remote server. Card information receiving unit that receives the card information, a password input unit that accepts input of a password corresponding to the card information, card information received by the card information receiving unit, and a password entered by the password number input unit And a card information transmitting unit for transmitting the authentication information to the financial institution server and an authentication result receiving unit for receiving the authentication result of the card information and the personal identification number from the financial institution server. The

  In order to solve the above problems, according to another aspect of the present invention, a computer is a remote server that can be connected to a communication device equipped with an IC chip and a financial institution server via a network. , The card information for each card issued by the financial institution server is recorded, the individual area that can be accessed using the unique individual encryption key set for each card information, and the individual area for identifying the individual area A storage unit having an area identification number and an individual encryption key for each individual area, and a shared area that can be accessed using the shared encryption key recorded in the remote server. A storage unit storing a shared encryption key used for accessing a shared area of the storage unit, and a financial device from a communication device An encryption unit that encrypts card information transmitted from the communication device in response to a card information write request issued by the server, and a storage unit that includes the card information encrypted by the encryption unit. An individual area writing unit for writing to the individual area, a shared area writing unit for writing the individual area identification number of the individual area written by the individual area writing unit, and the individual encryption key of the individual area to the shared area of the storage unit included in the communication device And a program for functioning as a remote server.

  In order to solve the above problems, according to another aspect of the present invention, a computer is a remote server that can be connected to a communication device equipped with an IC chip and a financial institution server via a network. , The card information for each card issued by the financial institution server is recorded, the individual area that can be accessed using the unique individual encryption key set for each card information, and the individual area for identifying the individual area A storage unit having an area identification number and an individual encryption key for each individual area, and a shared area that can be accessed using the shared encryption key recorded in the remote server. A storage unit in which a shared encryption key used for accessing a shared area of the storage unit is provided, and card information from a communication device. In response to the authentication request, the shared area recorded in the storage unit of the communication device, the area reading unit that reads the individual area corresponding to the card information requested to be authenticated by the communication device, and the shared encryption key are decrypted To obtain the encryption key of the individual area, decrypt the individual area with the encryption key of the individual area and obtain the card information included in the individual area, and the card information obtained by the card information obtaining unit. A program for functioning as a remote server including a card information transmission unit that transmits to a communication device is provided.

  In order to solve the above-described problem, according to another aspect of the present invention, a computer can communicate with a communication device having a non-contact IC chip and a reader / writer via a reader / writer. And a terminal device connectable via a network, wherein the communication device records card information for each card issued by the financial institution server, and uses a unique individual encryption key set for each card information. The individual area that can be accessed, the individual area identification number for identifying the individual area, and the individual encryption key for each individual area are recorded and can be accessed using the shared encryption key recorded in the remote server A storage unit having a shared area, and a card issuing unit that requests the financial institution server to issue a card in response to a user input. A terminal device comprising: a request unit; and a card information write request unit that receives a card and information of a card issued by a financial institution server in response to a request from the card issue request unit and requests a remote server to write the card information A program for functioning as a program is provided.

  In order to solve the above-described problem, according to another aspect of the present invention, a computer can communicate with a communication device having a non-contact IC chip and a reader / writer via a reader / writer. And a terminal device connectable via a network, wherein the communication device records card information for each card issued by the financial institution server, and uses a unique individual encryption key set for each card information. The individual area that can be accessed, the individual area identification number for identifying the individual area, and the individual encryption key for each individual area are recorded and can be accessed using the shared encryption key recorded in the remote server A shared area, and an individual area recorded in the storage unit provided in the communication device in the remote server A card information authentication requesting unit for requesting authentication of card information by decryption, a card information receiving unit for receiving card information of an individual area decrypted using a shared encryption key by a remote server, and a password corresponding to the card information A personal identification number input unit that accepts an input of a number, a card information transmission unit that transmits the card information received by the card information reception unit, and the personal identification number input by the personal identification number input unit to the financial institution server, and a financial institution server Provides a program for causing a terminal device to function as an authentication result receiving unit that receives an authentication result of card information and a password.

  As described above, according to the present invention, it is not necessary to construct an authentication system for each financial institution, and card information can be authenticated via a network terminal without using a dedicated user ID and password via the network terminal. Can do.

  Exemplary embodiments of the present invention will be described below in detail with reference to the accompanying drawings. In addition, in this specification and drawing, about the component which has the substantially same function structure, the duplicate description is abbreviate | omitted by attaching | subjecting the same code | symbol.

(First embodiment)
First, the outline of the financial card issuance / authentication system according to the first embodiment of the present invention will be described. FIG. 1 is an explanatory diagram showing a configuration example of a financial card issuing / authentication system 10 according to the present embodiment. As shown in FIG. 1, the financial card issuance / authentication system 10 includes a communication device 100, a remote server 200, a financial institution server 300, a network 50, and the like. Communication device 100, remote server 200, and financial institution server 300 are connected via network 50. The network 50 is configured by a public line network such as the Internet, a telephone line network, a satellite communication network, etc., or a dedicated line network such as a WAN, LAN, IP-VPN, etc., and may be wired or wireless.

  The communication device 100 is a mobile terminal on which an IC chip 150 is mounted. Hereinafter, as an example of the communication device 100, a mobile phone equipped with an IC chip 150 will be described as applied to the communication device of the present invention. However, the present invention is not limited to this example. The communication device 100 may be, for example, a PDA (Personal Digital Assistant) equipped with an IC chip, a wristwatch, a portable music player, or the like.

  The IC chip 150 mounted on the communication device 100 may be an IC chip capable of contact communication or an IC chip capable of non-contact communication. The IC chip 150 is a secure memory having tamper resistance. The communication device 100 may be equipped with a plurality of IC chips, and may be configured to use each IC chip depending on the application. Hereinafter, the communication device 100 on which one IC chip capable of providing a financial service is mounted will be mainly described as an example.

  The remote server 200 is connected to the communication device 100 via the network 50, and performs writing and reading of data with respect to the IC chip 150 in response to a request from the communication device 100. Specifically, it has an encryption key for encrypting data recorded in the IC chip 150, and writes the encrypted data into the IC chip 150 or reads the encrypted data written into the IC chip 150. Data written to the IC chip 150 can be read only by the remote server 200 having the encryption key of the IC chip. That is, the data written in the IC chip 150 is information that cannot be decoded and acquired by the communication device 100 itself. Since the present embodiment is a financial card issuance / authentication system for issuing / authenticating a financial institution card, data written to the IC chip 150 is financial institution card information, for example, financial institution number, store Examples include numbers, account numbers, and deposit types.

  The financial institution server 300 is connected to the communication device 100 via the network 50, and issues a card that can be traded in the financial institution and authenticates the card in response to a request from the communication device 100. Specifically, the card is issued in response to the card issuance request of the communication device 100, and the card information of the issued card is transmitted to the communication device 100. Normally, cards issued by financial institutions can be issued by terminals such as ATMs, but the actual card is issued from the printing company and mailed to the user for several days to several weeks. It takes. However, according to the present embodiment, since the card information issued by the financial institution server 300 is written into the IC chip 150 of the communication device 100 by the remote server 200, the card issuing time can be greatly shortened.

  The card information issued by the financial institution server 300 is encrypted by the remote server 200 and recorded on the IC chip 150 of the communication device 100. For this reason, it is possible to issue a card by writing card information to the IC chip 150 without preparing a dedicated user ID or password for performing transactions via the network. In addition, since the remote server 200 centrally encrypts card information and records it on the IC chip 150, an issuing system for encrypting card information and writing to the IC chip 150 in the financial institution server 300 is provided. No need to build.

  Further, as described above, the card information recorded on the IC chip 150 of the communication device 100 can be decrypted and acquired only by the remote server 200. In response to the card authentication request from the communication device 100, the remote server 200 transmits the decrypted card information to the communication device 100. Then, the communication device 100 transmits the transmitted card information and a password corresponding to the card information to the financial institution server 300. The financial institution server 300 can authenticate the card based on the card information and the personal identification number transmitted from the communication device.

  As described above, even the card information of different financial institutions and card types can be decrypted and notified to the communication device 100 by the remote server 200 in an integrated manner. Then, the card information notified to the communication device 100 and the password corresponding to the card information input to the communication device 100 are transmitted to the financial institution server 300. Each financial institution does not need to build an authentication system for authenticating card information independently, and can authenticate card information safely via the network without a dedicated user ID and password for transactions via the network. It becomes possible to do.

  The outline of the financial card issuance / authentication system 10 has been described above. Next, detailed configurations of the communication device 100, the IC chip 150, the remote server 200, and the financial institution server 300 related to the issuance of the financial card in the financial card issuance / authentication system 10 will be described. Hereinafter, a system related to the issue of a financial card of the financial card issue / authentication system 10 is referred to as a financial card issue system 10, and a system related to the authentication of the financial card of the financial card issue / authentication system 10 is also referred to as a financial card authentication system 10. .

  FIG. 2 is a block diagram illustrating functional configurations of the communication device 100, the IC chip 150, the remote server 200, and the financial institution server 300. As shown in FIG. 2, the communication device 100 includes a control unit 102, a communication control unit 120, an input / output unit 130, an IC chip control unit 140, an IC chip 150, and the like.

  The control unit 102 has a function of controlling the function of the communication device 100 by a program in the communication device 100, and includes a card issue request unit 104, a card information write request unit 106, and the like. The card issue request unit 104 has a function of requesting the financial institution server 300 to issue a card via the communication control unit 120. The card issue request may be requested in response to a user input. Specifically, a card issuance request may be made by a user's key input or the like via an input / output unit 130 described later.

  The card information write request unit 106 receives the card information of the card issued by the financial institution server 300 in response to the request from the card issue request unit 104 via the communication control unit 120, and remotely writes the received card information. It has a function requested to the server 200. Here, writing the card information means writing the card information to the IC chip 150. Details of the IC chip 150 and card information will be described later in detail.

  The communication control unit 120 is a communication interface configured by a communication device or the like for connecting to a network such as the Internet, and transmits and receives data to and from the remote server 200 or the financial institution server 300 via the network. It has a function.

  The input / output unit 130 is an input / output interface provided in the communication device 100. The input interface is, for example, a numeric keypad, a button, a touch panel, etc., and has a function of accepting user input. The output interface is, for example, a display device such as a display display or a lamp, or an audio output device such as a speaker.

  The IC chip control unit 140 has a function of transferring data between the IC chip 150 and the control unit 102 or the communication control unit 120 of the communication device. The IC chip 150 is a secure memory that is mounted on the communication device 100, has a function of performing contact communication or non-contact communication with an external device, and has tamper resistance. The IC chip 150 may include a central processing unit (CPU), a read only memory (ROM), a random access memory (RAM), a storage unit, and the like. In the present embodiment, the case where the IC chip 150 mainly has a storage unit and the storage unit has an index area 152 and an individual area 154 will be described.

The index area 152 is an example of a shared area that can be accessed using a shared encryption key held by the remote server 200. In the index area 152, an individual area identification number for identifying the individual area 154 and an individual encryption key for each individual area 154 are recorded. The individual area 154 is an area in which card information for each card issued by the financial institution server 300 is recorded and can be accessed using a unique individual encryption key set for each card information. You may have an area.

Details of the index area 152 and the individual area 154 will be described with reference to FIGS. 3 and 4. FIG. 3 is an explanatory diagram for explaining the contents of the storage unit of the IC chip 150 . FIG. 4 is an explanatory diagram for explaining the contents of the index area 152 and the individual area 154.

As shown in FIG. 3, the storage unit of the IC chip 150 has an area code 1502 that is area identification information for identifying each area, an area name 1504 that is the name of each area, and a name of data stored in each area. Data name 1506, service code 1508 for each area, stored data 1510 to be stored, and the like. Card information 1 and card information 2 are specific examples of the individual area 154.

  As described above, the storage data 1510 of the index area 152 includes the area code “1000” of the card information 1, the area code “3000” of the card information 2, the key value 1 of the encryption key of the card information 1, the card The key value 2 of the encryption key of information 2 is stored. The stored data of the card information 1 stores the card number “111-1111111” and the name “YAMADA”, and the stored data of the card information 2 stores the card number “222-2222222” and the name “YAMADA”. Yes. The service code 1508 may be calculated from the area code value of the area code 1502.

  The stored data 1510 stored in the index area 152 is encrypted with the index area encryption key and signed with the index area signature key. The encryption key and signature key of the index area are recorded in the storage unit of the remote server 200. The storage data 1510 stored in the card information 1 is encrypted with the encryption key 1, and the storage data 1510 stored in the card information 2 is encrypted with the encryption key 2. The remote server 200 performs decryption of the index area 152 and verification of the signature using the encryption key and signature key of the index area 152 held by itself, and the area code of the individual area 154 and the encryption key of each individual area 154 And the storage data stored in the individual area 154 is acquired. The functional configuration of the remote server 200 will be described later in detail.

Next, the contents of the index area 152 and the individual area 154 will be described with reference to FIG. As shown in FIG. 4, the index area 152 includes index area management information 1522 and individual area management information 1524. The index area management information 1522 is information for managing the index of the individual area, and specifically, an area code that is individual area identification information for identifying the individual area, a financial institution type, a card name, and an individual area. Including the expiry date. The index area management information 1522 is information recorded as individual area search information for searching for individual areas.

  The individual area management information 1524 is information for managing an access method for each individual area, and specifically includes an individual area access encryption key, an individual area access encryption key version, and the like. The individual area management information and the individual area access information are generated as many as the number of individual areas 154. That is, when the issue of a plurality of cards is requested, individual areas are generated as many as the number of requested cards, and individual area management information and individual area access information are generated.

The individual area 154 includes an encryption method type, an encryption key version, a signature method type, a signature key version, a signature expiration date, encrypted card data, signature data, and the like. Area 154 is identified. As shown in FIG. 4, the individual area 154 is searched based on the area code of the individual area included in the index area management information 1522 of the index area 152, and the individual area access encryption key and the individual area access information included in the individual area management information 1524. Decrypted by encryption key version for area access. The contents of the index area 152 and the individual area 154 have been described above.

  Returning to FIG. 2, the functional configuration of the remote server 200 will be described. The remote server 200 includes a communication control unit 202, a storage unit 204, an index area creation unit 206, an encryption unit 208, an individual area writing unit 210, an index area writing unit 212, and the like. The communication control unit 202 is a communication interface configured by a communication device or the like for connecting to a network such as the Internet, and has a function of transmitting and receiving data to and from the communication device 100 via the network.

  The storage unit 204 is, for example, a non-volatile memory such as an EEPROM (Electrically Erasable Programmable Read-Only Memory), an EPROM (Erasable Programmable Read Only Memory), a hard disk, a disk type magnetic disk, or an R Compact Disc Recordable / RW (ReWriteable), DVD-R (Digital Versatile Disc Recordable) / RW / + R / + RW / RAM (Ramdam Access Memory) and BD (BlueDRE-B) Optical discs such as MO (Magneto Opt) ical) may be a storage medium such as a disk. In the storage unit 204, a shared encryption key used for accessing the index area 152 of the communication device 100 is recorded.

  The index area creation unit 206 has a function of creating the index area 152 in the IC chip 150 of the communication device 100. The index area 152 is created in advance before writing card information. When the communication device 100 requests writing of card information, the index area 152 may be created, or it may be created in advance before the communication device 100 requests writing of card information. It may be.

  The encryption unit 208 has a function of encrypting the card information transmitted from the communication device 100 in response to a card information write request issued by the financial institution server 300 from the communication device 100. The individual area writing unit 210 has a function of writing the card information encrypted by the encryption unit 208 to the individual area 154 in the IC chip 150 of the communication device 100 via the communication control unit 202.

The index area writing unit 212 uses the individual area identification number of the individual area 154 written by the individual area writing unit 210 and the individual encryption key obtained by encrypting the individual area 154 as an index area in the IC chip 150 of the communication device 100. 152 has a function of writing. When a signature is given to the card information written in the individual area 154, the signature information may be written in the index area 152 together with the individual encryption key. The functional configuration of the remote server 200 has been described above.

  Next, the functional configuration of the financial institution server 300 will be described. The financial institution server 300 includes a communication control unit 302, a card issuing unit 304, a card information DB 306, and the like. The communication control unit 302 is a communication interface configured with a communication device or the like for connecting to a network such as the Internet, and has a function of transmitting and receiving data to and from the communication device 100 via the network.

  The card issuing unit 304 has a function of issuing a card in response to a card issuing request from the communication device 100 and transmitting card information of the issued card to the communication device 100 via the communication control unit 302. The card information includes a card number, a cardholder's name, a financial institution type, a card name, and the like.

  The card information DB 306 is, for example, a non-volatile memory such as an EEPROM (Electrically Erasable Programmable Read-Only Memory) or an EPROM (Erasable Programmable Read Only Memory), a hard disk, a disk type magnetic disk, or an R-type magnetic disk such as a disk. Compact Disc Recordable / RW (ReWriteable), DVD-R (Digital Versatile Disc Recordable) / RW / + R / + RW / RAM (Ramdam Access Memory) and BD (BlueDRE-B) Optical discs such as MO (Magnet) Optical) may be a storage medium such as a disk. In the card information DB 306, card information of the card issued by the card issuing unit 304 and a personal identification number corresponding to the card information are recorded. The functional configuration of the financial institution server 300 has been described above.

  Next, a card issuing method executed in the financial card issuing system 10 will be described. FIG. 5 is a timing chart showing the flow of the card issuing method executed in the financial card issuing system 10. As shown in FIG. 5, first, a user input is made via the input / output unit 130 of the communication device 100 (S102). The user input in step S102 is, for example, that the card issue request program of the communication device 100 is activated by a user key input or the like. When a user input is made in step S102, the card issuance request unit 104 of the communication device 100 makes a card issuance request to the financial institution server 300 (S104). In step S104, the financial institution server 300 for which the card issuance request is made by the communication device 100 issues a card (S106).

  The card information of the card issued in step S106 is transmitted to the communication device 100 (S108). In step S108, the communication device 100 that has received the card information of the issued card requests the remote server 200 to write the card information (S110). The remote server 200 requested to write the card information in step S110 writes the card information transmitted from the communication device 100 to the IC chip 150 (S112). In step S112, the communication device 100 is notified of the result of writing to the IC chip 150 (S114). The communication device 100 notified of the writing result in step S114 may display the notification result on the display. The card issuing method executed in the financial card issuing system 10 has been described above.

  Next, a card information writing method in the remote server 200 will be described in detail with reference to FIG. FIG. 6 is a flowchart showing the flow of the card information writing process in the remote server 200. As shown in FIG. 6, the remote server 200 first determines whether or not an index area is created in the IC chip 150 (S120). If it is determined in step S120 that an index area has already been created, the process of step S124 is performed. If it is determined in step S120 that an index area has not yet been created, an index area is created in the IC chip 150 (S122). The index area created in step S122 is encrypted with the shared encryption key recorded in the storage unit 204 of the remote server 200.

  Then, the card information transmitted from the communication device 100 is encrypted (S124). In step S124, an electronic signature may be added together with the encryption of the card information. Thereby, the security of the card information in the IC chip is further increased. Next, an individual area is generated (S126). As described above, the individual area generated in step S126 may be generated for each financial institution or may be generated for each card information of the financial institution. The card information encrypted in step S124 is written in the individual area generated in step S126 (S128). Then, the area identification information of the individual area written in step S128, the individual encryption key for accessing the individual area, and the encryption key version are written into the index area (S130). The card information writing method in the remote server 200 has been described in detail above.

  The financial card issuing system 10 according to the first embodiment has been described above. According to the financial card issuing system 10, a card is issued by the financial institution server 300 in response to a card issuance request from the communication device 100, and card information of the issued card is written into the IC chip 150 by the remote server 200. The storage unit of the IC chip 150 has an index area and an individual area. The encrypted card information is written in the individual area, and the identification information and the individual encryption key of the individual area are written in the index area. As a result, the card information written in the IC chip 150 of the communication device 100 can be accessed and acquired only by the remote server 200, and the security of the card information written in the IC chip 150 is increased. .

  Further, the financial institution only transmits the card information of the issued card to the communication device, and there is no need to construct an encryption system for encrypting the card information or a writing system for writing to the IC chip 150. . Further, since the card information is written in the IC chip 150 of the communication device 100, it is possible to save the trouble of issuing the card at the printing company and mailing it to the user's hand. This eliminates the need to have multiple cards for each account. The financial card issuing system according to the first embodiment has been described above.

  Next, detailed configurations of the communication device 100, the IC chip 150, the remote server 200, and the financial institution server 300 related to financial card authentication of the financial card issuance / authentication system 10 according to the present embodiment will be described. The system will be described. The outline of the financial card authentication system is as described with reference to FIG. In the following, functions different from the financial card issuing system 10 according to the present embodiment will be mainly described.

  FIG. 7 is a block diagram illustrating functional configurations of the communication device 100, the IC chip 150, the remote server 200, and the financial institution server 300. As shown in FIG. 7, the communication device 100 includes a control unit 102, a communication control unit 120, an input / output unit 130, an IC chip control unit 140, an IC chip 150, and the like. Since the IC chip control unit 140 and the IC chip 150 are as described in the description of the financial card issuing system 10, detailed description thereof is omitted.

  The control unit 102 has a function of controlling the function of the communication device 100 by a program in the communication device 100, and mainly includes a card information authentication request unit 108. The card information authentication request unit 108 has a function of requesting the remote server 200 to authenticate card information by decrypting the individual area recorded in the IC chip 150. The card information authentication request may be made in response to an input from the user of the communication device 100. For example, the card information authentication request may be made by the user starting a financial transaction start program via the input / output unit 130.

  The communication control unit 120 is a communication interface configured by a communication device or the like for connecting to a network such as the Internet, and transmits and receives data to and from the remote server 200 or the financial institution server 300 via the network. It has a function. The communication control unit 120 includes a card information receiving unit 122, an authentication result receiving unit 124, and the like. The card information receiving unit 122 has a function of receiving the card information of the individual area decrypted by the remote server 200, and the authentication result receiving unit 124 is the card information transmitted from the remote server 200 from the financial institution server 300. And an authentication result of the personal identification number corresponding to the card information. The password corresponding to the card information is information input by the user of the communication device 100.

  The input / output unit 130 is an input / output interface provided in the communication device 100, and mainly includes a personal identification number input unit 132. As described above, the password corresponding to the card information is input by the user via the password input unit 132. For example, a password is input by the user via a numeric keypad or a touch panel provided in the communication device 100. The functional configuration of the communication device 100 has been described above.

  Next, the functional configuration of the remote server 200 will be described. The remote server 200 includes a communication control unit 202, a storage unit 204, an area reading unit 214, a card information acquisition unit 216, and the like. The storage unit 204 has the same function as that of the financial card issuance system 10 and records a shared encryption key used for accessing the index area 152 of the communication device 100.

  The area reading unit 214 has a function of reading the index area 152 and the individual area 154 corresponding to the card information requested to be authenticated by the communication device 100 in response to the card information authentication request from the communication device 100. The communication device 100 may make a card information authentication request based on the area number of the individual area.

The card information acquisition unit 216 decrypts the index area 152 with the shared encryption key recorded in the storage unit 204 to acquire the encryption key for the individual area, and decrypts the individual area 154 with the encryption key to be included in the individual area 154 It has a function to acquire card information. As described above, in the index area 152 of the IC chip 150, the area code of the individual area, the individual encryption key for accessing the individual area, the version information of the individual encryption key, and the like are recorded. The card information acquisition unit 216 that decrypts the index area 152 acquires the individual encryption key of the individual area 154 corresponding to the area code specified by the communication device 100, the version information of the individual encryption key, and the like from the index area. Then, the individual area 154 is decrypted with the obtained individual encryption key or the like, and card information such as a card number and name is obtained.

  The communication control unit 202 has a function similar to that of the financial card issuing system 10 and is a communication interface configured by a communication device for connecting to a network such as the Internet. The communication control unit 202 may include a card information transmission unit 218 and the like. The card information transmission unit 218 functions to transmit the card information acquired by the card information acquisition unit 216. The functional configuration of the remote server 200 has been described above.

  Next, the functional configuration of the financial institution server 300 will be described. Since the communication control unit 302 and the card information DB have the same functions as those of the financial card issuing system 10, detailed description thereof is omitted. The card authentication unit 308 has a function of authenticating card information based on the card information transmitted from the communication device 100 and the personal identification number transmitted together with the card information. As described above, the card information DB 306 records card information and a password when the card is issued.

  The card authentication unit 308 compares the transmitted card information and personal identification number with the card information and personal identification number recorded in the card information DB 306 to authenticate whether the card information and personal identification number are correct. . The card information includes a card number, a cardholder's name, a financial institution type, a card name, and the like. If the card information recorded in the individual area 154 is correctly decrypted by the remote server 200, the card information transmitted to the financial institution server 300 matches the information recorded in the card information DB 306. The functional configuration of the financial institution server 300 has been described above.

  Next, a card authentication method executed in the financial card authentication system 10 will be described. FIG. 8 is a timing chart showing the flow of the card authentication method executed in the financial card authentication system 10. As shown in FIG. 8, first, a user input is made via the input / output unit 130 of the communication device 100 (S152). The user input in step S152 is, for example, that the card authentication request program of the communication device 100 is activated by a user key input or the like. When a user input is made in step S152, the card information authentication request unit 108 of the communication device 100 makes a card information authentication request to the remote server 200 (S154).

  The remote server 200 requested to authenticate the card information in step S154 reads the index area 152 and the individual area 154 of the storage unit of the IC chip 150 (S156). As for reading of the individual area 154, only the individual area 154 requested to be authenticated by the communication device 100 may be read. Card information is acquired from the index area 152 and the individual area 154 read in step S156 (S158). The card information acquired in step S158 is transmitted to the communication device 100 (S160). The card information acquisition process in step S158 and the card information transmission process in step S160 will be described in detail later.

  The communication device 100 to which the card information is transmitted from the remote server 200 in step S160 accepts an input of a personal identification number corresponding to the card information (S162). In step S162, the transmitted card information may be displayed on the display of the communication device 100, and a password corresponding to the displayed card information may be input. The card information transmitted from the remote server 200 in step S160 and the password entered in step S162 are transmitted to the financial institution server 300 (S164).

In step S164, the financial institution server 300 to which the card information and the password are transmitted authenticates the card information (S166). In step S166, the financial institution server 300 that has authenticated the card information transmits the authentication result of the card information to the communication device 100 (S168). The authentication of the card information in step S166 is performed based on whether or not the transmitted card information and the personal identification number match the card information and personal identification number recorded in the card information DB 306. That if the card information and the personal identification number is not consistent with the information of the card information DB306 in the step S 166, and notifies the card information has been authenticated correctly, if you did not agree, which could not be properly authenticated To be notified. The card authentication method executed in the financial card authentication system 10 has been described above.

  Next, the card information acquisition method in the remote server 200 will be described in detail based on FIG. FIG. 9 is a flowchart showing the flow of card information acquisition processing in the remote server 200. As shown in FIG. 9, the remote server 200 that has read the index area 152 and the individual area 154 decrypts the index area 152 using the shared encryption key recorded in the storage unit 204 (S170).

  The area code and the individual encryption key of the individual area 154 requested to be authenticated by the communication device 100 are acquired from the index area 152 decrypted in step S170 (S172). Then, the encrypted data and signature data recorded in the individual area 154 are acquired (S174).

  The encrypted data acquired in step S174 is decrypted with the individual encryption key acquired in step S172. Also, the signature data acquired in step S174 is verified (S176). When the encryption key version of the individual encryption key of the individual area 154 is also recorded in the index area 152, the encryption key version information may be used when the individual area 154 is decrypted.

  In step S176, it is determined whether the encrypted data in the individual area 154 has been correctly decrypted or the signature data has been verified correctly (S178). If it is determined in step S178 that correct decryption and signature verification have been performed, the card information is transmitted to the communication device 100 (S180). If it is determined in step S178 that correct decryption and signature verification could not be performed, an error notification that the card information could not be acquired is sent to the communication device 100 (S182). The card information acquisition method in the remote server 200 has been described above.

  The financial card authentication system 10 according to the first embodiment has been described above. According to the financial card authentication system 10, in response to a card information authentication request from the communication device 100, card information is acquired from the index area and individual area recorded in the storage unit of the IC chip 150 by the remote server 200. Then, the card information acquired by the remote server 200 is transmitted to the communication device 100. The communication device 100 transmits the transmitted card information and the password entered by the user to the financial institution server 300.

  The financial institution server 300 can authenticate the card information from the transmitted card information and password. Only the remote server 200 having the shared encryption key for decrypting the index area 152 can be acquired from the card information written in the IC chip 150 of the communication device 100, and the security of the card information written in the communication device 100 can be obtained. Becomes higher. Further, since the card information written in the IC chip 150 is decrypted by the remote server 200, it is not necessary for each financial institution to construct a system for decrypting the encrypted card information. Furthermore, since the user only inputs the personal identification number corresponding to the card information, that is, the personal identification number of the cash card, the user can perform transactions via the network in the same manner as a financial transaction using a normal ATM. In other words, financial transactions can be made via the network without a dedicated user ID or password for making transactions via the network.

(Second Embodiment)
Next, an outline of a financial card issuance / authentication system according to the second embodiment of the present invention will be described. FIG. 10 is an explanatory diagram showing a configuration example of the financial card issuing / authentication system 20 according to the present embodiment. As shown in FIG. 10, the financial card issuance / authentication system 20 includes a communication device 100 ′, a terminal device 400, a reader / writer 450, a remote server 200 ′, a financial institution server 300 ′, and a network 50 ′. And so on.

  The communication device 100 ′ in this embodiment is a mobile terminal on which a non-contact IC chip 150 ′ is mounted. Hereinafter, as an example of the communication device 100 ′, a mobile phone equipped with a non-contact IC chip 150 ′ will be described as applied to the communication device of the present invention, but the present invention is not limited to such an example. The communication device 100 ′ may be, for example, a non-contact IC card on which a non-contact IC chip 150 ′ is mounted, a PDA (Personal Digital Assistants) on which the non-contact IC chip 150 ′ is mounted, a wrist watch, a portable music player, etc. It may be. The communication device 100 ′ having the non-contact IC chip 150 ′ can communicate with the terminal device 400 via the reader / writer 450 in a non-contact manner using a magnetic field of a specific frequency (for example, 13.56 MHz). .

The remote server 200 ′ is connected to the terminal device 400 via the network 50 ′ , and performs data writing and reading with respect to the non-contact IC chip 150 ′ in response to a request from the terminal device 400. Specifically, it has an encryption key for encrypting data recorded on the non-contact IC chip 150 ', and the encrypted data is written into the non-contact IC chip 150' or written into the non-contact IC chip 150 '. Read encrypted data. Data written to the non-contact IC chip 150 'can be read only by the remote server 200' having the encryption key of the non-contact IC chip 150 '. That is, the data written in the non-contact IC chip 150 ′ is information that cannot be decoded and acquired even by the communication device 100 ′ or the terminal device 400.

The terminal device 400 has a function of performing non-contact communication with the communication device 100 ′ via the reader / writer 450. In the first embodiment, the communication device 100 is connected to the remote server 200 via the network 50. However, in the present embodiment, the terminal device 400 is connected to the remote server 200 ′ via the network. Is different. That is, in the first embodiment, the communication device 100 needs to be equipped with a network connection function. However, in the second embodiment, the terminal device 400 only needs to be connected to the remote server 200 ′ via the network 50. Therefore, it is not necessary to install a network connection function in the communication device 100 ′. Further, since the terminal device 400 also issues card information issuance requests and authentication requests, it is not necessary to install an issuance request program or an authentication request program in the communication device 100 ′. Therefore, in the present embodiment, the communication device 100 ′ only needs to be equipped with the non-contact IC chip 150 ′ , and the communication device 100 ′ can be simplified and downsized.

Since the financial institution server 300 ′ and the network 50 ′ have substantially the same functions as those in the first embodiment, detailed description thereof is omitted. Also in this embodiment, as in the first embodiment, the card information issued by the financial institution server 300 ′ is encrypted by the remote server 200 ′ and recorded on the non-contact IC chip 150 ′ of the communication device 100 ′. The For this reason, it is possible to issue a card by writing card information to the non-contact IC chip 150 ′ without preparing a dedicated user ID and password for transactions via the network. Further, since the remote server 200 ′ encrypts the card information in a centralized manner and records it on the non-contact IC chip 150 ′, the financial institution server 300 ′ encrypts the card information or stores it on the non-contact IC chip 150 ′. There is no need to build an issuing system for writing.

  Further, as described above, the card information recorded on the non-contact IC chip 150 ′ of the communication device 100 ′ can be decrypted and acquired only by the remote server 200 ′. In response to the card authentication request from the terminal device 400, the remote server 200 ′ transmits the decrypted card information to the terminal device 400. Then, the terminal device 400 transmits the transmitted card information and a password corresponding to the card information to the financial institution server 300 ′. The financial institution server 300 ′ can authenticate the card based on the card information and the personal identification number transmitted from the terminal device 400.

  As described above, the remote server 200 ′ decrypts the information in a unified manner and notifies the terminal device 400 of the card information of different financial institutions and card types. Then, the card information notified to the terminal device 400 and the password corresponding to the card information input to the terminal device 400 are transmitted to the financial institution server 300 ′. Each financial institution does not need to build an authentication system for authenticating card information independently, and can authenticate card information safely via the network without a dedicated user ID and password for transactions via the network. It becomes possible to do.

  The outline of the financial card issuing / authentication system 20 has been described above. Next, the communication device 100 ′, the contactless IC chip 150 ′, the remote server 200 ′, the financial institution server 300 ′, the terminal device 400, and the reader / writer 450 related to the financial card issuance of the financial card issuance / authentication system 20. A detailed configuration will be described. Hereinafter, a system related to the issue of a financial card of the financial card issue / authentication system 20 is referred to as a financial card issue system 20, and a system related to the authentication of the financial card of the financial card issue / authentication system 20 is also referred to as a financial card authentication system 20. .

  FIG. 11 is a block diagram showing functional configurations of the communication device 100 ′, the non-contact IC chip 150 ′, the remote server 200 ′, the financial institution server 300 ′, the terminal device 400, and the reader / writer 450. As shown in FIG. 11, the communication device 100 ′ mainly includes a non-contact IC chip controller 140 ′, a non-contact IC chip 150 ′, and the like.

  The non-contact IC chip control unit 140 ′ has a function of exchanging data between the non-contact IC chip 150 ′ and the reader / writer 450. The non-contact IC chip 150 ′ is mounted on the communication device 100 ′ and has a function of communicating in a non-contact manner with the terminal device 400 that is an external device via the reader / writer 450. The non-contact IC chip 150 ′ may include a CPU (Central Processing Unit), a ROM (Read Only Memory), a RAM (Random Access Memory), a storage unit, and the like. In the present embodiment, the non-contact IC chip 150 ′ mainly has a storage unit, and has an index area 152 and an individual area 154 in the storage unit. Since the configuration and recording contents of the index area 152 and the individual area 154 are the same as those in the first embodiment, detailed description thereof is omitted.

  The terminal device 400 communicates with the communication device 100 ′ having the non-contact IC chip 150 ′ via the reader / writer 450 in a non-contact manner. The terminal device 400 may be a home appliance such as a television or a recorder as long as the terminal device 400 includes an input / output device such as a keyboard or a display such as a PC (Personal Computer). Further, it has a function of communicating with the remote server 200 'and the financial institution server 300' via the network 50 '.

  The terminal device 400 includes a control unit 402, a communication control unit 420, an input / output unit 430, and the like. The control unit 420 includes a card issue request unit 404, a card information write request unit 406, and the like. The card issue request unit 404 has a function of requesting the financial institution server 300 ′ to issue a card via the communication control unit 420. The card issue request may be requested in response to a user input. Specifically, a card issuance request may be made by a user's key input or the like via an input / output unit 430 described later.

The card information write request unit 406 receives the card information of the card issued by the financial institution server 300 ′ in response to the request from the card issue request unit 404 via the communication control unit 420, and writes the received card information. It has a function of requesting the remote server 200 ′. Here, writing the card information means writing the card information to the non-contact IC chip 150 ′.

  The communication control unit 420 is a communication interface configured by a communication device or the like for connecting to a network such as the Internet, and transmits / receives data to / from the remote server 200 ′ or the financial institution server 300 ′ via the network. It has a function to perform.

  The input / output unit 430 is an input / output interface provided in the terminal device 400. The input interface is, for example, a numeric keypad, a button, a touch panel, etc., and has a function of accepting user input. The output interface is, for example, a display device such as a display display or a lamp, or an audio output device such as a speaker.

  The reader / writer 450 has a function of performing wireless communication in a non-contact manner with the non-contact IC chip 150 ′ and transmitting a data update request from the terminal device 400 to the non-contact IC chip 150 ′. The terminal device 400 and the reader / writer 450 may be configured as an integrated device, or the terminal device 400 and the reader / writer 450 may be configured as separate devices and connected by a cable. Further, the terminal device 400 may independently notify a data update request or the like, or may be connected to a remote server 200 ′ or a financial institution server 300 ′ connected via a network such as the Internet. Data may be updated in response to a request from a device or the like. The terminal device 400 and the reader / writer 450 have been described above.

  Next, the functional configuration of the remote server 200 ′ will be described. Since the remote server 200 ′ has substantially the same function as the remote server 200 according to the first embodiment, detailed description thereof is omitted. The difference from the first embodiment is that the communication control unit 202 transmits / receives data to / from the terminal device 400 via the network. The index area creation unit 206 has a function of creating the index area 152 in the IC chip 150 ′ of the communication device 100 ′. The encryption unit 208 encrypts the card information transmitted from the terminal device 400 in response to the card information write request issued by the financial institution server 300 ′ from the terminal device 400.

  The individual area writing unit 210 writes the card information encrypted by the encryption unit 208 to the individual area 154 in the IC chip 150 ′ of the communication device 100 ′ via the communication control unit 202. The index area writing unit 212 uses the individual area identification number of the individual area 154 written by the individual area writing unit 210 and the individual encryption key obtained by encrypting the individual area 154 in the IC chip 150 ′ of the communication device 100 ′. Write to the index area 152. The functional configuration of the remote server 200 ′ has been described above.

Next, the functional configuration of the financial institution server 300 ′ will be described. Since the financial institution server 300 ′ has substantially the same function as the financial institution server 300 ′ according to the first embodiment, detailed description thereof is omitted. The difference from the first embodiment is that the communication control unit 302 transmits / receives data to / from the terminal device 400 via the network. The card issuing unit 304 issues a card in response to a card issuance request from the terminal device 400, and transmits the card information of the issued card to the terminal device 400 via the communication control unit 302. In the card information DB 306, card information of the card issued by the card issuing unit 304 and a personal identification number corresponding to the card information are recorded. The functional configuration of the financial institution server 300 ′ has been described above.

  Next, a card issuing method executed in the financial card issuing system 20 will be described. FIG. 12 is a timing chart showing the flow of the card issuing method executed in the financial card issuing system 20. As shown in FIG. 12, first, a user input is made via the input / output unit 430 of the terminal device 400 (S202). The user input in step S202 is, for example, that the card issue request program of the terminal device 400 is activated by a user key input. When a user input is made in step S202, the card issuance request unit 404 of the terminal device 400 makes a card issuance request to the financial institution server 300 ′ (S204). In step S204, the financial institution server 300 ′ requested to issue a card by the terminal device 400 issues a card (S206).

  The card information issued in step S206 is transmitted to the terminal device 400 (S208). In step S208, the terminal device 400 that has received the card information of the issued card requests the remote server 200 ′ to write the card information (S210). The remote server 200 ′ requested to write the card information in step S210 writes the card information transmitted from the terminal device 400 to the non-contact IC chip 150 ′ of the communication device 100 ′ (S212). In step S212, the result of writing to the non-contact IC chip 150 'is notified to the terminal device 400 (S214). In step S214, the terminal device 400 communicated with the writing result may display the notification result on the display. The card issuing method executed in the financial card issuing system 20 has been described above. Since the card information writing method in the remote server 200 ′ is the same as that in the first embodiment, a detailed description thereof will be omitted.

According to the financial card issuing system 20 according to the present embodiment, a card is issued by the financial institution server 300 ′ in response to a card issuing request from the terminal device 400, and the card information of the card issued by the remote server 200 ′ is contactless. It is written in the IC chip 150 '. The storage unit of the non-contact IC chip 150 ′ has an index area and an individual area. The encrypted card information is written in the individual area, and the identification information and the individual encryption key of the individual area are written in the index area. . Thereby, the card information written in the non-contact IC chip 150 'of the communication device 100' can be accessed and acquired only by the remote server 200 ', and is written in the non-contact IC chip 150'. Card information security can be increased.

  In addition, the financial institution constructs an encryption system for encrypting the card information and a writing system for writing to the non-contact IC chip 150 ′ only by transmitting the card information of the issued card to the communication device. There is no need. Further, since the card information is written in the non-contact IC chip 150 ′ of the communication device 100 ′, it is possible to save the trouble of issuing the card at the printing company and mailing it to the user. This eliminates the need to have multiple cards for each financial institution or account.

  In particular, in the present embodiment, since the terminal device 400 issues a card issuance request or card information write request, the communication device 100 ′ only needs to be equipped with the non-contact IC chip 150 ′, and the communication device 100 ′ can be simplified. It can be a device. Furthermore, since the terminal device 400 has a reader / writer 450 capable of non-contact communication and may be any device that can be connected to a network, even if the terminal device 400 is not installed in a store such as a financial institution, It becomes possible to apply home appliances and the like. That is, even if the device is not dedicated to the terminal device 400, the function of the terminal device 400 can be installed and used in a device having other functions. The financial card issuing system 20 according to the second embodiment has been described above.

  Next, the communication device 100 ′, the non-contact IC chip 150 ′, the remote server 200 ′, the financial institution server 300 ′, the terminal device 400, and the reader related to the authentication of the financial card of the financial card issuing / authentication system 20 according to the present embodiment A detailed configuration of the writer 450 will be described. The outline of the financial card authentication system is as described with reference to FIG. Hereinafter, functions different from the financial card issuing system 20 according to the present embodiment will be mainly described.

FIG. 13 is a block diagram showing functional configurations of the communication device 100 ′, the non-contact IC chip 150 ′, the remote server 200 ′, the financial institution server 300 ′, the terminal device 400, and the reader / writer 450. As shown in FIG. 13, the communication device 100 ′ mainly includes a non-contact IC chip control unit 140 ′, a non-contact IC chip 150 ′, and the like. Since the non-contact IC chip 140 ′ and the non-contact IC chip 150 ′ have the same functions as the respective devices related to the financial card issuing system 20, detailed description thereof is omitted.

The terminal device 400 includes a control unit 402, a communication control unit 420, an input / output unit 430, and the like. The control unit 402 mainly includes a card information authentication request unit 408. The card information authentication request unit 408 has a function of requesting the remote server 200 ′ to authenticate card information by decrypting the individual area recorded in the non-contact IC chip 150 ′. The card information authentication request may be made in response to an input from the user of the communication device 100 ′ . For example, a card transaction authentication request may be made by a user starting a financial transaction start program via the input / output unit 430. Alternatively, the user may determine that there is an input from the user by holding the communication device 100 ′ on which the non-contact IC chip 150 ′ is mounted over the reader / writer 450.

  The communication control unit 420 is a communication interface composed of a communication device or the like for connecting to the Internet or the like, and transmits and receives data to and from the remote server 200 or the financial institution server 300 ′ via the network. Has the function to perform. The communication control unit 420 includes a card information receiving unit 422, an authentication result receiving unit 424, and the like. The card information receiving unit 422 has a function of receiving the card information of the individual area decrypted by the remote server 200 ′, and the authentication result receiving unit 424 is transmitted from the financial institution server 300 ′ to the remote server 200 ′. A function of receiving the authentication result of the card information and the personal identification number corresponding to the card information. The password corresponding to the card information is information input by the user via the input / output unit 430.

  The input / output unit 430 is an input / output interface provided in the terminal device 400 and mainly includes a personal identification number input unit 432. As described above, the password corresponding to the card information is input by the user via the password input unit 432. For example, a password is input by the user via a numeric keypad or a touch panel provided in the terminal device 400. The functional configuration of the terminal device 400 has been described above.

  Next, the functional configuration of the remote server 200 ′ will be described. Since the remote server 200 ′ has substantially the same function as the remote server 200 according to the first embodiment, detailed description thereof is omitted. The difference from the first embodiment is that the communication control unit 202 transmits / receives data to / from the terminal device 400 via the network. In response to the card information authentication request from the terminal device 400, the area reading unit 214 reads the index area 152 and the individual area 154 corresponding to the card information requested to be authenticated by the authentication device 400.

Then, the card information acquisition unit 216 decrypts the index area 152 with the shared encryption key recorded in the storage unit 204 to acquire the encryption key of the individual area, and decrypts the individual area 154 with the encryption key to decrypt the individual area 154. Get card information contained in the. The card information acquired by the card information acquisition unit 218 is transmitted to the terminal device 400 by the communication control unit 202. The functional configuration of the remote server 200 ′ has been described above.

  Next, the functional configuration of the financial institution server 300 ′ will be described. Since the financial institution server 300 ′ has substantially the same function as the financial institution server 300 according to the first embodiment, detailed description thereof is omitted. The difference from the first embodiment is that the communication control unit 302 transmits / receives data to / from the terminal device 400 via the network. The card authentication unit 308 authenticates the card information based on the card information transmitted from the terminal device 400 and the personal identification number transmitted together with the card information. The card authentication unit 308 compares the transmitted card information and personal identification number with the card information and personal identification number recorded in the card information DB 306 to authenticate whether the card information and personal identification number are correct. . The functional configuration of the financial institution server 300 ′ has been described above.

  Next, a card authentication method executed in the financial card authentication system 20 will be described. FIG. 14 is a timing chart showing the flow of the card authentication method executed in the financial card authentication system 20. As shown in FIG. 14, first, a user input is made through the input / output unit 430 of the terminal device 400 (S222). The user input in step S222 is, for example, that the communication device 100 ′ is held over the reader / writer 450 and the card authentication request program of the terminal device 400 is started by the user. When a user input is made in step S222, the card information authentication request unit 408 of the terminal device 400 makes a card information authentication request to the remote server 200 '(S224).

  The remote server 200 ′ requested to authenticate the card information in step S224 reads the index area 152 and the individual area 154 in the storage unit of the non-contact IC chip 150 ′ (S226). As for reading of the individual area 154, only the individual area 154 requested to be authenticated by the terminal device 400 may be read. Card information is acquired from the index area 152 and the individual area 154 read in step S226 (S228). The card information acquired in step S228 is transmitted to the terminal device 400 (S230).

  The terminal device 400 to which the card information is transmitted from the remote server 200 ′ in step S230 receives an input of a personal identification number corresponding to the card information (S232). In step S232, the transmitted card information may be displayed on the display of the terminal device 400, and a personal identification number corresponding to the displayed card information may be input. The card information transmitted from the remote server 200 ′ in step S230 and the password entered in step S232 are transmitted to the financial institution server 300 ′ (S234).

  In step S234, the financial institution server 300 ′ to which the card information and the password are transmitted authenticates the card information (S236). In step S236, the financial institution server 300 ′ that has authenticated the card information transmits the authentication result of the card information to the terminal device 400 (S238). The authentication of the card information in step S236 is performed based on whether or not the transmitted card information and password are the same as the card information and password recorded in the card information DB 306.

  In step S236, if the card information and the code number match the information in the card information DB 306, a notification that the card information has been correctly authenticated is sent. The card authentication method executed in the financial card authentication system 20 has been described above. The card information acquisition method in the remote server 200 ′ is the same processing as that in the first embodiment, and thus detailed description thereof is omitted.

  The financial card authentication system 20 according to the second embodiment has been described above. According to the financial card authentication system 20, the card information is acquired from the index area and the individual area recorded in the storage unit of the non-contact IC chip 150 ′ by the remote server 200 ′ in response to the card information authentication request of the terminal device 400. The Then, the card information acquired by the remote server 200 ′ is transmitted to the terminal device 400. The terminal device 400 transmits the transmitted card information and the password entered by the user to the financial institution server 300 ′.

  The financial institution server 300 ′ can authenticate the card information from the transmitted card information and password. The card information written in the contactless IC chip 150 ′ of the communication device 100 ′ can be acquired only by the remote server 200 ′ having the shared encryption key for decrypting the index area 152, and is written in the communication device 100 ′. Card information security can be increased. Further, since the card information written in the non-contact IC chip 150 ′ is decrypted by the remote server 200 ′, it is not necessary for each financial institution to construct a system for decrypting the encrypted card information. . Furthermore, since the user only has to input the personal identification number corresponding to the card information, that is, the personal identification number of the cash card, the user can perform transactions via the network in the same manner as a financial transaction using a normal ATM. In other words, financial transactions can be made via the network without a dedicated user ID or password for making transactions via the network.

  The preferred embodiments of the present invention have been described in detail above with reference to the accompanying drawings, but the present invention is not limited to such examples. It is obvious that a person having ordinary knowledge in the technical field to which the present invention pertains can come up with various changes or modifications within the scope of the technical idea described in the claims. Of course, it is understood that these also belong to the technical scope of the present invention.

  For example, in the second embodiment, the card information read by the remote server 200 ′ is transmitted to the terminal device 400, but the present invention is not limited to this example. The remote server 200 ′ may transmit an authentication result and a transaction ID that can identify one process to the terminal device 400. Then, the remote server 200 ′ may transmit the transaction ID and card information transmitted to the terminal device 400 to the financial institution server 300 ′.

  The terminal device 400 transmits the transaction ID transmitted from the remote server 200 ′ and the input personal identification number to the financial institution server 300 ′. The financial institution server 300 ′ to which the transaction ID and the personal identification number are transmitted from the terminal device 400 acquires the card information corresponding to the transaction ID, and the card information and personal identification number recorded in the card information DB 306 The card information is authenticated depending on whether the information and the password match.

It is explanatory drawing which showed the structural example of the financial card issue / authentication system concerning the 1st Embodiment of this invention. It is a block diagram which shows the function structure of the communication device, IC chip, remote server, and financial institution server concerning the embodiment. It is explanatory drawing explaining the content of the memory | storage part of the IC chip concerning the embodiment. It is explanatory drawing explaining the contents of the index area and an individual area concerning the embodiment. It is the timing chart which showed the flow of the card issue method performed in the financial card issue system concerning the embodiment. It is a flowchart which shows the flow of the write-in process of the card information in the remote server concerning the embodiment. It is a block diagram which shows the function structure of the communication device, IC chip, remote server, and financial institution server concerning the embodiment. It is the timing chart which showed the flow of the card | curd authentication method performed in the financial card authentication system concerning the embodiment. It is a flowchart which shows the flow of the acquisition process of the card information in the remote server concerning the embodiment. It is explanatory drawing which showed the structural example of the financial card issue / authentication system concerning the 2nd Embodiment of this invention. 2 is a block diagram showing a functional configuration of a communication device, a non-contact IC chip, a remote server, a financial institution server, a terminal device, and a reader / writer according to the embodiment. FIG. It is the timing chart which showed the flow of the card issue method performed in the financial card issue system concerning the embodiment. 2 is a block diagram showing a functional configuration of a communication device, a non-contact IC chip, a remote server, a financial institution server, a terminal device, and a reader / writer according to the embodiment. FIG. It is the timing chart which showed the flow of the card | curd authentication method performed in the financial card issue system concerning the embodiment.

DESCRIPTION OF SYMBOLS 100 100 'Communication device 104 Card issue request part 106 Card information write request part 108 Card information authentication request part 120 Communication control part 122 Card information receiving part 124 Authentication result receiving part 130 Input / output part 132 PIN number input part 140 140' IC chip Control unit 150 IC chip 150 ′ Non-contact IC chip 152 Index area 154 Individual area 200 200 ′ Remote server 202 Communication control unit 204 Storage unit 206 Index area creation unit 208 Encryption unit 210 Individual area writing unit 212 Index area writing unit 214 Index Area reading unit 216 Card information acquisition unit 218 Card information transmission unit 300 300 ′ Financial institution server 302 Communication control unit 304 Card issue unit 306 Card information DB
308 Card authentication unit

Claims (15)

A communication device equipped with an IC chip that can be connected to a financial institution server and a remote server via a network:
A card issuance requesting unit that requests the financial institution server to issue a card;
A card information write request unit that receives card information of a card issued by the financial institution server in response to a request from the card issue request unit, and requests the remote server to write the card information;
The card information for each card issued by the financial institution server is recorded, and the individual area that can be accessed using a unique individual encryption key set for each card information is identified. And a shared area in which an individual area identification number and an individual encryption key for each individual area are recorded and can be accessed using the shared encryption key recorded in the remote server;
A communication device comprising:   In response to a request from the card information write request unit, the remote server writes the card information encrypted in the individual area, and identifies the individual area in the shared area, and the individual area The communication device according to claim 1, wherein an individual encryption key obtained by encrypting the password is written.   The shared area is created in advance by the remote server, and the individual area is created for each piece of card information by the remote server when requested by the card information write request unit. Item 4. The communication device according to Item 1.   In the shared area, individual area search information for searching for the individual area is recorded, and the individual area search information is recorded in association with the individual area identification number, the financial institution type, and the card name. The communication device according to claim 1, wherein:   The communication device according to claim 1, wherein the remote server encrypts the card information and gives an electronic signature in response to a request from the card information write request unit.   The communication device according to claim 1, wherein the IC chip is an IC chip capable of contact communication or non-contact communication.   The communication device according to claim 1, wherein the shared area and the individual area are recorded in the IC chip mounted on the communication device. A communication device equipped with an IC chip that can be connected to a financial institution server and a remote server via a network:
The card information for each card issued by the financial institution server is recorded, and the individual area that can be accessed using the unique individual encryption key set for each card information is identified. A storage area having an individual area identification number and an individual encryption key for each individual area recorded therein and accessible using the shared encryption key recorded in the remote server;
A card information authentication request unit that requests the remote server to authenticate the card information by decrypting the individual area recorded in the storage unit;
A card information receiving unit for receiving the card information of the individual area decrypted by the remote server;
A personal identification number input unit for receiving input of a personal identification number corresponding to the card information;
A card information transmitting unit that transmits the card information received by the card information receiving unit and the password entered by the password input unit to the financial institution server;
An authentication result receiving unit that receives an authentication result of the card information and the password from the financial institution server;
A communication device comprising:   The remote server acquires the individual area identification number and the individual encryption key of the individual area associated with the card information requested to be authenticated by the card information authentication request unit, and uses the acquired individual encryption key to The communication device according to claim 8, wherein the individual area is decoded.   9. The communication device according to claim 8, wherein the remote server transmits card information of the individual area to the communication device when the individual area can be correctly decrypted with the individual encryption key.   The communication device according to claim 8, wherein the financial institution server authenticates whether or not the card information and the personal identification number transmitted by the communication device are a correct combination. A remote server that can be connected to a communication device and financial institution server equipped with an IC chip via a network:
In the communication device, the card information for each card issued by the financial institution server is recorded, and an individual area that can be accessed using a unique individual encryption key set for each card information; A shared area in which an individual area identification number for identifying the individual area and an individual encryption key for each individual area are recorded and can be accessed using the shared encryption key recorded in the remote server. A storage unit,
A storage unit in which the shared encryption key used for accessing the shared area of the storage unit included in the communication device is recorded;
An encryption unit that encrypts the card information transmitted from the communication device in response to a write request for the card information of the card issued by the financial institution server from the communication device;
An individual area writing unit that writes the card information encrypted by the encryption unit into the individual area of a storage unit included in the communication device;
A shared area writing unit that writes the individual area identification number of the individual area written by the individual area writing unit and the individual encryption key of the individual area into the shared area of the storage unit included in the communication device;
A remote server comprising: A remote server that can be connected to a communication device and financial institution server equipped with an IC chip via a network:
In the communication device, the card information for each card issued by the financial institution server is recorded, and an individual area that can be accessed using a unique individual encryption key set for each card information; A shared area in which an individual area identification number for identifying the individual area and an individual encryption key for each individual area are recorded and can be accessed using the shared encryption key recorded in the remote server. A storage unit,
A storage unit in which the shared encryption key used for accessing the shared area of the storage unit included in the communication device is recorded;
Area reading for reading the shared area recorded in the storage unit of the communication device and the individual area corresponding to the card information requested to be authenticated by the communication device in response to the card information authentication request from the communication device Part;
Obtaining card information for decrypting the shared area with the shared encryption key to obtain the encryption key for the individual area, and decrypting the individual area with the encryption key for the individual area to obtain card information included in the individual area Part;
A card information transmission unit that transmits the card information acquired by the card information acquisition unit to the communication device;
A remote server comprising: A terminal device capable of non-contact communication with a communication device equipped with a non-contact IC chip via a reader / writer and connectable to a financial institution server and a remote server via a network:
In the communication device, the card information for each card issued by the financial institution server is recorded, and an individual area that can be accessed using a unique individual encryption key set for each card information; A shared area in which an individual area identification number for identifying the individual area and an individual encryption key for each individual area are recorded and can be accessed using the shared encryption key recorded in the remote server. A storage unit,
A card issuance request unit that requests the financial institution server to issue a card in response to a user input;
A card information write request unit that receives a card car and information issued by the financial institution server in response to a request from the card issue request unit, and requests the remote server to write the card information;
With
The individual area identification number for identifying the individual area in the shared area of the communication device by the encrypted information of the card written in the individual area of the communication device via the reader / writer by the remote server And an individual encryption key obtained by encrypting the individual area. A terminal device capable of non-contact communication with a communication device equipped with a non-contact IC chip via a reader / writer and connectable to a financial institution server and a remote server via a network:
In the communication device, the card information for each card issued by the financial institution server is recorded, and an individual area that can be accessed using a unique individual encryption key set for each card information; A shared area in which an individual area identification number for identifying the individual area and an individual encryption key for each individual area are recorded and can be accessed using the shared encryption key recorded in the remote server. A storage unit,
A card information authentication requesting unit that requests the remote server to authenticate card information by decrypting the individual area recorded in a storage unit included in the communication device;
A card information receiving unit that receives card information of the individual area decrypted by the remote server using the shared encryption key;
A personal identification number input unit for receiving input of a personal identification number corresponding to the card information;
A card information transmitting unit that transmits the card information received by the card information receiving unit and the password entered by the password input unit to the financial institution server;
An authentication result receiving unit that receives an authentication result of the card information and the password from the financial institution server;
A terminal device comprising:

Images