JP5216486B2 - Semiconductor device, portable terminal, and information terminal - Google Patents

Description

  The present invention relates to a technique for performing user authentication necessary for settlement processing and access authentication processing.

  In recent years, services that perform payment using a mobile terminal equipped with a contactless IC card function (hereinafter referred to as payment service) and services that perform access such as admission management (hereinafter referred to as access authentication service, or It is widely used to perform access authentication. A contactless IC card is convenient because it allows payment and authentication processing to be performed simply by holding it over an IC card reader.

  In addition to the functions provided by non-contact IC cards by installing non-contact IC card functions in mobile terminals so that IC cards can also be accessed from mobile terminals, payment results, payment history, etc. The convenience of the user can be further improved, such as displaying.

  In the future, it is assumed that mobile terminals equipped with contactless IC card functions will be used for processing that requires high security such as higher payments. In this case, unauthorized use by stolen mobile terminals will be prevented. Therefore, it seems necessary to perform user authentication.

  As a user authentication method, a PIN (Personal Identification Number) verification method or a biometric authentication method may be used. In the PIN verification method, a PIN number, which is a user's personal identification number, is registered in advance in an IC card or the like, and verified with the PIN number entered by the subject, thereby confirming that the subject is the user himself / herself.

  In the biometric authentication method, biometric information that is different for each individual, such as a fingerprint, finger vein pattern, or iris pattern, is registered in advance in an IC card or the like and collated with the biometric information of the subject. Make sure that Patent Document 1 is an example of performing user authentication with a portable terminal equipped with a non-contact IC card function.

  In Patent Document 1, a personal identification number is registered in advance in a portable terminal equipped with a non-contact type IC card function, the personal identification number is input prior to use of the IC card function, and an input personal identification number and a registered personal identification number are obtained. Enable the IC card function for a predetermined time only when they match (release the lock).

If the IC card function is not used before the specified time elapses after user authentication with a personal identification number, the IC card function is locked and user authentication is required again. Use can be prevented.
Japanese Patent Application 2001-194306

  In Patent Document 1, unauthorized use until the use of the IC card function is prevented by determining the time when user authentication performed in advance is valid. Not considered.

  For example, even if a certain period of time has not elapsed, if the user has moved a certain distance from the place where the user authentication was performed, or if a large impact such as a drop or acceleration occurred after the user authentication was performed, If you join a mobile device, the possibility of loss or theft may increase. Therefore, when such an impact, acceleration, or the like is applied, it may be possible to limit the use of the IC card function.

  Further, in Patent Document 1, it is assumed that user authentication must be performed again after a certain time has elapsed after user authentication. However, depending on the use contents of the IC card function, the required reliability of user authentication differs, and the user's convenience may be impaired by always performing user authentication repeatedly. For example, a high degree of reliability is required for user authentication when making a large payment, but user authentication may not be necessary when making a small payment.

  The present invention has been made in view of the above-described problems, and is used when performing non-contact IC card transactions such as settlement after performing user authentication using a mobile terminal equipped with a non-contact IC card function. Provide a semiconductor device (hereinafter referred to as an IC chip), a portable terminal, and an information terminal having a high security function that reduce the possibility of unauthorized use of a non-contact IC card without impairing the convenience of the user For the purpose.

  In order to solve the above-described problems, the IC chip according to the present invention is mounted on a portable terminal having a timer for measuring time or a sensor for detecting predetermined physical information, and is used for payment or access authentication with the information terminal. An IC chip that performs non-contact communication with the information terminal, a contact communication unit that performs contact communication with the mobile terminal, and is currently operating the mobile terminal State change information indicating that the output of the timer or the sensor has changed, or notification, having a memory for storing user reliability information, which is information indicating how reliable a person is as a true user Is received from the information terminal via the contact communication unit, the user reliability information is changed or updated based on the state change information or notification. It is characterized in.

  The portable terminal according to the present invention is a portable terminal equipped with an IC chip having a non-contact communication function, a contact communication function, and a user authentication function for authenticating a user's validity. A timer or a sensor that detects predetermined physical information, an IC chip communication unit that performs contact communication with the IC chip, and a memory that stores a program or data for controlling the portable terminal. Stores an event setting table for setting physical information to be monitored using the timer or the sensor, and when the mobile terminal succeeds in user authentication using the IC chip, the event setting When monitoring of the state of the mobile terminal set in the table is started and a change in the state of the mobile terminal occurs, the previous IC chip communication unit The IC chip is notified of information on a change in state of the portable terminal.

  An information terminal according to the present invention is an information terminal that performs payment or access authentication between an IC chip having a non-contact communication function and a user authentication function for authenticating a user's legitimacy. Sets the threshold of the contactless communication unit that performs contactless communication with the IC chip and the user reliability information indicating how reliable the user of the IC chip is to the security level required for settlement or access authentication. A memory for storing a reliability threshold value table to be determined in response, and when receiving the user reliability from the IC chip via the non-contact communication unit, the necessary threshold value from the reliability threshold value table And determining whether or not a new user authentication is necessary by comparing the user reliability information with the threshold value.

  Here, the said structure is demonstrated with another expression below.

  A semiconductor element mounted on a portable terminal equipped with a timer for measuring time or a sensor for detecting predetermined physical information, which performs settlement or authentication with an information terminal, wherein the semiconductor element is connected to the information terminal A non-contact communication unit that performs non-contact communication, a contact communication unit that performs contact communication with the portable terminal, a storage unit that stores information, and a semiconductor that controls at least the non-contact communication unit, the contact communication unit, and the storage unit An element control unit, storing user authentication registration information, which is information as a user of the mobile terminal, in the storage unit, information relating to authentication input to the mobile terminal, and the user authentication registration information, User reliability information corresponding to the degree of similarity is stored in the storage unit, and state change notification information indicating a change in the output of the timer or the sensor is received from the information terminal. , So as to change the user reliability information.

  In addition, after the semiconductor element transmits the user reliability information to the information terminal, settlement or authentication is performed with the information terminal.

  In addition, the state change notification information received from the mobile terminal indicates that a predetermined time has elapsed since the mobile terminal performed the previous authentication process, or a predetermined acceleration is applied to the mobile terminal. It is assumed that the information indicates that it has been detected or that the position of the mobile terminal has moved a value indicating a predetermined distance.

  In addition, the semiconductor element has a user authentication unit that authenticates a user, and after receiving user authentication request information from the mobile terminal, the semiconductor element relates to authentication input to the mobile terminal by the user authentication unit The calculation is performed using the information and the user authentication registration information, and the user reliability information is changed after the calculation output.

  The portable terminal includes a semiconductor element having a non-contact communication unit, a contact communication unit, and a user authentication unit for authenticating a user, wherein the portable terminal is a timer for measuring time or a predetermined physical unit. A sensor that detects the target information, a semiconductor element communication unit that performs contact communication with the semiconductor element, and a storage unit that stores a program or information for controlling the portable terminal, and is monitored using the timer or the sensor An event setting table for setting physical information to be stored is stored in the storage unit, and the portable terminal is set in the event setting table after successful user authentication using the semiconductor element. When the state change of the portable terminal occurs, the state change notification information of the portable terminal is transmitted to the semiconductor element.

  An information terminal that performs settlement or authentication between a non-contact communication unit and a semiconductor element having a user authentication unit for authenticating a user, wherein the information terminal communicates with the semiconductor element without contact A threshold value corresponding to a threshold level of user reliability information relating to a user of the semiconductor element or a security level referred to in settlement or authentication. And storing the reliability threshold value table in which the information is set in the storage unit, receiving the user reliability information from the semiconductor element, comparing the user reliability information with the threshold value, and authenticating It is determined whether or not execution is necessary.

  By using the present invention, it is possible to provide an IC chip, a portable terminal, and an information terminal having a high security function that reduces the possibility of unauthorized use of a non-contact IC card without reducing user convenience. .

Hereinafter, an embodiment of the present invention will be described in detail with reference to the drawings.
(1) Hardware configuration of portable terminal, IC chip, and payment terminal according to this embodiment FIG. 1 is a block diagram showing a configuration of a payment system according to this embodiment. In FIG. 1, 1 is a portable terminal, 3 is an IC chip, and 5 is a payment terminal. The portable terminal 1 has a function of performing a payment process with the payment terminal 5 using the IC chip 3. A mobile phone is considered as a specific product example of the mobile terminal 1. Or other portable terminals may be used.

  The IC chip 3 is secure hardware used for user authentication and settlement transaction processing, and communicates with the portable terminal 1 by wire and communicates with the settlement terminal 5 wirelessly.

  The IC chip 3 may be realized as an LSI built in the mobile terminal 1. Alternatively, it may be realized as a removable IC card.

  The payment terminal 5 is a payment terminal installed in a bank ATM or a store such as a supermarket. In the present embodiment, the description is given on the assumption that payment processing is performed between the IC chip 3 and the payment terminal 5, but authentication processing other than payment (for example, entry / exit authentication processing to / from a security room) Even if it is performed, it is the scope of application of the present invention.

  Next, the internal circuit configuration of the mobile terminal 1 will be described. The mobile terminal 1 includes a memory 11, a mobile terminal control unit 12, an IC chip communication unit 13, a wireless communication unit 14, a user authentication start button 15, a user display unit 16, a user operation unit 17, a biosensor 18, a timer 19, It includes an acceleration sensor 20, a position information detection unit 21, a power supply control unit 22, and an antenna 23.

  The memory 11 includes a semiconductor memory such as a RAM, a ROM, and a flash ROM, or a hard disk, and temporarily or permanently stores a program for controlling the mobile terminal 1 and related data.

  The mobile terminal control unit 12 is a main CPU (Central Processing Unit) of the mobile terminal 1 and controls the entire mobile terminal 1 based on a program and related data stored in the memory 11.

  The IC chip communication unit 13 has a function of communicating with the IC chip 3 in a wired manner, and it is conceivable that the IC chip communication unit 13 communicates with the IC chip 3 by a procedure according to ISO / IEC7816, which is an international standard for an IC card communication system. Alternatively, the use of other communication methods is within the scope of the present invention.

  The wireless communication unit 14 is used for the mobile terminal 1 to communicate with the outside wirelessly. For example, it can be realized as a function of communicating with a mobile phone base station or a wireless communication function such as wireless LAN or Bluetooth.

  The user authentication start button 15 is an operation button that is pressed when executing user authentication according to the user's intention. The user authentication start button 15 may have other functions. For example, if the user authentication start button 15 is pressed for a long period of time, the portable terminal 1 is turned off, and if it is pressed for a short period of time, the user authentication is executed.

  The user display unit 16 has a function of displaying an image, text, or GUI (Graphical User Interface) on the screen using a liquid crystal display or the like, and outputting audio information using a speaker.

  The user operation unit 17 provides a function for the user to operate the mobile terminal 1 using an operation button, a touch pad, or a touch panel.

  The biometric sensor 18 has a function of reading biometric information. For example, it can be considered to read a fingerprint or a finger vein pattern. Alternatively, even if it has a function of reading other biological information, it is within the scope of application of the present invention.

  The timer 19 is a circuit having a function of generating a notification signal to the mobile terminal control unit 12 when a certain time has elapsed.

  The acceleration sensor 20 is a circuit element that detects acceleration. For example, when the detected acceleration reaches a preset threshold value, a notification signal is generated in the mobile terminal control unit 12. As a result, it is possible to detect that the mobile terminal 1 has dropped or some kind of impact or acceleration has been applied.

  The position information detection unit 21 has a function of detecting the current position of the mobile terminal 1 using GPS (Global Positioning System) or the like. The power control unit 22 performs power control of the mobile terminal 1. The antenna 23 is used by the wireless communication unit 14 for wireless communication with the outside.

  Next, the internal circuit configuration of the IC chip 3 will be described. The IC chip 3 includes a memory 31, an IC chip control unit 32, a contact communication unit 33, a non-contact communication unit 34, an encryption processing unit 35, a power control unit 36, and an antenna 37.

  The memory 31 is composed of a semiconductor memory such as RAM, ROM, and EEPROM, and temporarily or permanently stores a program for controlling the IC chip 3 and related data.

  The IC chip control unit 32 is a main CPU (Central Processing Unit) of the IC chip 3, and controls the entire IC chip 3 based on a program and related data stored in the memory 31.

  The contact communication unit 33 has a function of communicating with the mobile terminal 1 in a wired manner, and it is conceivable that the contact communication unit 33 communicates with the mobile terminal 1 by a procedure according to ISO / IEC7816, which is an international standard for an IC card communication system. Alternatively, the use of other communication methods is within the scope of the present invention.

  The contactless communication unit has a function to communicate with the settlement terminal 5 wirelessly, and ISO / IEC14443, which is an international standard for contactless IC card communication, or ISO / IEC18092, which is an international standard for NFC (Near Field Communication) It is conceivable to communicate with the payment terminal 5 in the procedure according to the above. Alternatively, the use of other communication methods is within the scope of the present invention.

  The cryptographic processing unit 35 is a circuit that performs cryptographic processing and authentication processing performed by the IC chip 3 at high speed on behalf of the IC chip control unit 32, and is based on, for example, the DES algorithm of the common key cryptosystem or the RSA algorithm of the public key cryptosystem Performs computations necessary for the encryption processing.

  The power supply control unit 36 uses the power supplied from the portable terminal 1 via the contact communication unit 33 in a wired manner or the power supplied wirelessly from the payment terminal 5 via the non-contact communication unit 34 to adjust the IC chip 3. It is a circuit that performs power control for driving.

  The antenna 37 is used for the non-contact communication unit 34 to perform non-contact communication with the payment terminal 5. For example, when the radio frequency used for non-contact communication is in the 13.56 MHz band, it becomes a spiral shape called an antenna coil, which plays a role in transmitting and receiving signals, and from the electromagnetic field generated by the payment terminal 5, the IC chip You may make it have the function to acquire the electric power for driving 3. FIG.

  Next, the internal circuit configuration of the payment terminal 5 will be described. The payment terminal 5 includes a memory 51, a payment terminal control unit 52, a non-contact IC card communication unit 53, and an antenna 54.

  The memory 51 includes a semiconductor memory such as a RAM, a ROM, and a flash ROM, or a hard disk, and temporarily or permanently stores a program for controlling the settlement terminal 5 and related data.

  The payment terminal control unit 52 is a main CPU (Central Processing Unit) of the payment terminal 5 and controls the payment terminal 5 as a whole based on a program and related data stored in the memory 51.

  The non-contact IC card communication unit 53 has a function to communicate with the IC chip 3 wirelessly, and is an international standard of ISO / IEC14443 or NFC (Near Field Communication) communication system, which is an international standard of non-contact IC card communication system. It is conceivable to communicate with the IC chip 3 in accordance with the procedure according to ISO / IEC18092. Alternatively, the use of other communication methods is within the scope of the present invention.

The antenna 54 is used for the non-contact IC card communication unit 53 to perform non-contact communication with the IC chip 3. Note that it is desirable that the antenna 54 be arranged so that it can communicate with the user so that the user can hold the mobile terminal 1 naturally with a comfortable posture and operation, for example, when the user holds the mobile terminal 1 in his / her hand. For example, the non-contact IC card communication unit 53 and the payment terminal control unit 52 are connected by a dedicated cable so that the non-contact IC card communication unit 53 and the antenna 54 are separate hardware modules from the payment terminal 5. Also good. In this case, the position of the antenna 54 can be changed so that the user can easily hold the portable terminal 1.
(2) Software configuration of mobile terminal, IC chip, and payment terminal according to this embodiment The software configuration of mobile terminal 1, IC chip 3, and payment terminal 5 shown in FIG. 1 will be described.

  First, the software configuration of the mobile terminal 1 will be described with reference to FIG. The memory 11 mounted on the portable terminal 1 stores an operating system 100, a portable terminal control program 101, an event monitoring program 102, portable terminal control data 103, and an event setting table 104.

  The operating system 100 is a system program that provides basic functions necessary for executing an application program. For example, an API (Application Programming Interface) for controlling the mobile terminal 1 is provided for the application program, and each application Perform program execution management. As the operating system 100, a Linux operating system may be used. Alternatively, the scope of the present invention is applicable even when other operating systems are used.

  The mobile terminal control program 101 is an application program that runs on the operating system 100 and performs various controls of the mobile terminal 1.

  The event monitoring program 102 is an application program that runs on the operating system 100, and monitors the internal state of the mobile terminal 1 using the timer 19, the acceleration sensor 20, the position information detection unit 21, the power control unit 22, and the like. When an event that may increase the possibility of unauthorized use of the mobile terminal 1 occurs, a signal and information indicating the event are transmitted to the IC chip 3 and notified.

  Here, the event is a predetermined phenomenon that occurs inside the mobile terminal 1. Examples of the event include that a certain time has elapsed, a predetermined acceleration (impact) is detected, and a certain position is moved.

  The mobile terminal control data 103 is various data necessary for controlling the mobile terminal 1 and is used by the mobile terminal control program 101 to control the mobile terminal 1.

  The event setting table 104 is table information for setting events that the event monitoring program 102 needs to monitor. Details of the event setting table 104 will be described later.

  Note that even when all or any of the operating system 100, the portable terminal control program 101, and the event monitoring program 102 are realized as the same program, the scope of the present invention is applicable.

  Next, the software configuration of the IC chip 3 will be described with reference to FIG. The memory 31 mounted on the IC chip 3 includes an IC card operating system 110, a user authentication processing program 111, a payment processing program 112, user authentication registration information (however, in the drawing, it is displayed as user authentication registration data. 113, user reliability information (however, shown as user reliability in the drawing) 114, event management table 115, user authentication flag 116, and settlement related information 117 are stored.

  The IC card operating system 110 is a system program that provides basic functions necessary for executing an IC card application program. For example, an API (Application Programming Interface) for controlling the IC chip 3 with respect to the IC card application program I will provide a. It also has a function of selecting and executing an IC card application by external communication control.

  It is conceivable to use MULTOS or Java (registered trademark) Card as the IC card operating system 110. Alternatively, other operating systems may be used within the scope of the present invention.

  The user authentication processing program 111 is an IC card application program that runs on the IC card operating system 110, and performs user authentication processing for confirming whether the user of the mobile terminal 1 is valid. Alternatively, the calculation is performed using the information related to authentication input to the mobile terminal 1 and the user authentication registration data. The calculation is obtained by extracting and calculating the degree of similarity between the authentication-related information input to the mobile terminal 1 and the user authentication registration data, and further outputting a value corresponding to the degree of similarity But it ’s okay. For example, PIN verification or biometric authentication can be considered. Alternatively, the user authentication process may be performed by another method, which is within the scope of the present invention.

  The payment processing program 112 is an IC card application program that runs on the IC card operating system 110, and performs payment processing based on a predetermined method with the payment terminal 5. For example, a credit card payment or electronic money payment can be considered. Alternatively, even when other settlement methods are used, the scope of the present invention is applicable.

  The user authentication registration data (or user authentication registration information) 113 is information used by the user authentication processing program 111 to authenticate the user, and is information related to the user of the mobile terminal. A PIN number and biometric information are registered in advance. When a PIN number is registered as the user authentication registration data 113, the user authentication processing program 111 performs user authentication by PIN verification. Alternatively, when biometric information is registered as the user authentication registration data 113, the user authentication processing program 111 performs user authentication by biometric authentication.

  The user reliability information 114 is data that numerically represents how much a person who is currently operating the mobile terminal 1 can be trusted as a legitimate user, or the authentication information input to the mobile terminal 1 Information and data corresponding to the degree of similarity between the information on the user authentication registration data and the result of user authentication performed in the past and determined / changed according to the subsequent state change of the mobile terminal 1, or Updated.

  In the present embodiment, the user reliability information 114 is changed or updated by the user authentication processing program 111 and can only be referred to from the payment processing program 112.

  The event management table 115 is used by the user authentication processing program 111 to determine an increase / decrease value of the user reliability information 114 when an event such as a result of user authentication or a state change of the mobile terminal 1 occurs. Table information. Details of the event management table 115 will be described later.

  The user authentication flag 116 is a flag indicating the result of user authentication executed by the user authentication processing program 111, and succeeds or fails for each user authentication supported by the user authentication processing program 111. Or indicate that it has not been implemented.

  The payment related information 117 is data used by the payment processing program 112 to perform a predetermined payment process, and includes, for example, an electronic money balance and a credit card number.

  It should be noted that the present invention is applicable even when all or any of the IC card operating system 110, the user authentication processing program 111, and the settlement processing program 112 are realized as the same program.

  Next, the software configuration of the payment terminal 5 will be described. A payment terminal control program 121 and a reliability threshold table 122 are stored in the memory 51 mounted on the payment terminal 5.

  The settlement terminal control program 121 is a program that performs predetermined settlement processing with the IC chip 3 in the portable terminal 1 by non-contact communication when the portable terminal 1 is held over the antenna 54 of the settlement terminal 5.

  The reliability threshold value table 122 newly performs user authentication based on the payment contents (payment amount, etc.) between the payment terminal 5 and the IC chip 3 and the user reliability information 114 managed by the IC chip 3. This is table information for determining whether it is necessary to do this.

Details of the reliability threshold table 122 will be described later. Although not explicitly shown in FIG. 1, the settlement terminal control program 121 is within the scope of the present invention even if it is realized as an application program operating on the operating system.
(3) Configuration of Event Setting Table Held in Portable Terminal FIG. 2 shows a configuration example of the event setting table 104 stored in the portable terminal 1. In the present embodiment, the event setting table 104 has an event identifier 211, a valid flag 212, and a setting value 213 set as column items.

  The event identifier 211 is a number or character string that uniquely identifies an event that occurs inside the mobile terminal 1. In the example of FIG. 2, “timer notification” is assigned to Event 1, “fall detection” is assigned to Event 2, and “position movement detection” is assigned to Event 3 for identification.

  The valid flag 212 is a flag that determines whether or not to monitor the occurrence of the event identified by the event identifier 211.

  The setting value 213 sets an event generation condition identified by the event identifier 211. In the example of FIG. 2, “timer notification” is performed at 1-minute intervals, and “position movement detection” is performed after moving 100 m. Even when an event or setting value other than those exemplified in FIG. 2 is set in the event setting table 104, the scope of the present invention is applicable.

In the event setting table 104, a predetermined value may be set as an initial value when the mobile terminal 1 is shipped, and then changed by the user operating the mobile terminal 1. Alternatively, only a person with specific authority may be allowed to change. For example, the password may not be changed unless a specific password is input or some authentication process is performed.
(4) Configuration of Event Management Table Held in IC Chip FIG. 3 shows a configuration example of the event management table 115 stored in the IC chip 3. In the present embodiment, the event management table 115 has an event identifier 221 and a reliability increase / decrease value 222 set as column items.

  The event identifier 221 is a number or character string that uniquely identifies an event that occurs inside the mobile terminal 1, and identifies the event in the same system as the event identifier 211 in the event setting table 104. In the example of FIG. 3, “Timer Notification” is Event1, “Fall Detection” is Event2, “Position Movement Detection” is Event3, “PIN Verification Success” is Event4, “Biometric Authentication Successful” is Event5, and “Settlement Execution” is Event6. Assigned to be identifiable.

  The reliability increase / decrease value 222 is a value that determines how much the user reliability information 114 is increased or decreased when a related event occurs.

  In the example of FIG. 3, 2 is subtracted when the “timer notification” event occurs, 5 is subtracted when the “fall detection” event occurs, 4 is subtracted when the “position movement detection” event occurs, and “PIN verification successful” When an event occurs, 5 is added, 10 is added when a “biometric authentication success” event occurs, and 10 is subtracted when a “settlement execution” event occurs. Even when events other than those exemplified in FIG. 3 and increase / decrease values are set in the event management table 115, the scope of the present invention is applicable.

  Here, the event management table 115 may be configured to determine the increase / decrease value in consideration of the user authentication flag 116. For example, if the user authentication flag 116 indicates that user authentication by PIN verification is successful and a new “PIN verification success” event occurs, the increase / decrease value is set to 0 (user It is conceivable that the reliability information 114 does not increase or decrease). This is because the reliability of the user does not change between when the user verification by PIN verification is successful once and when the user authentication is successful twice in succession.

In the event management table 115, a predetermined value may be set as an initial value at the time of shipment of the IC chip 3, and then changed by the user operating the mobile terminal 1. Alternatively, only a person with specific authority may be allowed to change. For example, the password may not be changed unless a specific password is input or some authentication process is performed.
(5) Configuration of Reliability Threshold Table Held by Payment Terminal FIG. 4 shows a configuration example of the reliability threshold table 122 stored in the payment terminal 5. In the case of the present embodiment, the payment threshold 231 and the reliability threshold 232 are set as column items in the reliability threshold table 122.

  The settlement amount 231 is a range of amounts that are traded in the settlement between the settlement terminal 5 and the IC chip 3.

  The reliability threshold value 232 represents a reliability threshold value for user authentication, which is obtained when the amount designated by the payment amount 231 is settled. In the example of FIG. 4, when the payment amount is less than 3000 yen, it is not necessary to perform user authentication again if the user reliability information is 0 or more. When the payment amount is 3000 yen or more and less than 10,000 yen, it is not necessary to perform user authentication again if the user reliability is 5 or more. If the payment amount is 10,000 yen or more, it is not necessary to perform user authentication again if the user reliability information is 10 or more.

It is within the scope of the present invention to use set values other than those exemplified in FIG. The reliability threshold table 122 illustrated in FIG. 4 determines the reliability threshold for user authentication according to the payment amount, but the reliability threshold for user authentication using parameters other than the payment amount. May be determined. For example, using the number of people waiting for the payment process at the payment terminal 5 as a parameter, the threshold value of reliability of user authentication may be determined according to the degree of congestion when there are many people waiting.
(6) Screen Configuration Displayed on Mobile Terminal During User Authentication Process FIG. 5 shows various screens displayed on the user display unit 16 when performing user authentication using the mobile terminal 1. In the case of the present embodiment, as shown in FIG. 5 (a), the user authentication is performed on the user display unit 16 by pressing the user authentication start button 15 provided in the mobile terminal 1. Display a screen to confirm that.

  Or you may make it display the screen of Fig.5 (a) by operating any button which comprises the user operation part 17. FIG. Alternatively, when the mobile terminal 1 detects that the non-contact communication is started using the non-contact communication unit 34 of the IC chip 3 via the IC chip communication unit 13, the screen of FIG. 5A is displayed. May be.

  Thereafter, when the user selects the start button 230 on the screen, user authentication is executed. Here, the selection of the start button 230 is performed by operating the user operation unit 17 including various key buttons.

  If the PIN verification method is used for user authentication, a message for entering the PIN number is displayed on the screen as shown in FIG. Accordingly, the user operates the user operation unit 17 of the mobile terminal 1 to input the PIN number and perform PIN verification.

If biometric authentication such as fingerprint authentication or finger vein authentication is used for user authentication, a message and information notifying the user that biometric authentication is to be performed are displayed on the screen as shown in FIG. To do. Thereby, the user inputs biometric verification data using the biometric sensor 18 of the mobile terminal 1 and performs biometric authentication. If user authentication using PIN verification or biometric authentication is successful, as shown in FIG. 5 (d), the fact that user authentication was successful is displayed on the screen.
(7) User Authentication Processing Using PIN Verification FIG. 6 shows processing steps between the mobile terminal 1 and the IC chip 3 when executing user authentication using PIN verification. In the following description, processing performed by the mobile terminal 1 is mainly executed by the mobile terminal control program 101, and processing performed by the IC chip 3 is mainly executed by the user authentication processing program 111.

  [Step S1000] The PIN verification process is started when the user presses the user authentication button 15. Alternatively, the operation may be started by operating any button constituting the user operation unit 17. Alternatively, it may be started when the mobile terminal 1 detects that the non-contact communication is started using the non-contact communication unit 34 of the IC chip 3 via the IC chip communication unit 13.

  [Step S1001] The portable terminal 1 presents a PIN number input request to the user using the user display unit 16.

  [Step S1002] The user uses the user operation unit 17 to input a PIN number.

  [Step S1003] The mobile terminal 1 transmits the PIN number input by the user to the IC chip 3 via the IC chip communication unit 13.

  [Step S1004] The IC chip 3 performs user authentication by PIN verification by confirming whether the registered PIN number managed as the user authentication registration data 113 matches the PIN number obtained from the mobile terminal 1. Do.

  [Step S1005] When user authentication by PIN verification is successful, the IC chip 3 refers to the event management table 115 and determines an increase / decrease value of the user reliability information 114. Then, the user reliability information 114 is changed or updated by adding (or subtracting) the determined increase / decrease value to the user reliability information 114.

  For example, in the example described with reference to FIG. 3, 5 is added to the user reliability information 114 when user authentication by PIN verification is successful. Thereafter, the IC chip 3 changes or updates the user authentication flag 116 based on the result of user authentication by PIN verification. Note that if the user authentication flag 116 already indicates that “user authentication by PIN verification has been successful”, the user reliability information 114 may be applied to the present invention even if it is not changed or updated. .

  [Step S1006] The IC chip 3 returns the result of user authentication by PIN verification to the mobile terminal 1.

  [Step S1007] The mobile terminal 1 uses the user display unit 16 to display or notify the user of the result of user authentication by PIN verification.

  [Step S1008] When user authentication by PIN verification is successful, the mobile terminal 1 starts monitoring the event that occurs in the mobile terminal 1 by starting the event monitoring program 102.

With the processing steps described above, it is possible to execute user authentication using PIN verification before the settlement process using the mobile terminal 1 is performed. In addition, if user authentication using PIN verification is successful, an event that is likely to increase the possibility of unauthorized use of the mobile terminal 1 by the start of monitoring the event that occurs on the mobile terminal 1 before the settlement process is performed. It is possible to detect the occurrence of
(8) User Authentication Processing Using Biometric Authentication FIG. 7 shows processing steps between the mobile terminal 1 and the IC chip 3 when executing user authentication using biometric authentication. In the following description, processing performed by the mobile terminal 1 is mainly executed by the mobile terminal control program 101, and processing performed by the IC chip 3 is mainly executed by the user authentication processing program 111.

  [Step S1100] The biometric authentication process is started when the user presses the user authentication button 15. Alternatively, the operation may be started by operating any button constituting the user operation unit 17. Alternatively, it may be started when the mobile terminal 1 detects that the non-contact communication is started using the non-contact communication unit 34 of the IC chip 3 via the IC chip communication unit 13.

  [Step S1101] The portable terminal 1 makes it possible to acquire the biological information of the user by turning on the power of the biological sensor 18, for example. Then, a biometric information acquisition request is presented to the user using the user display unit 16.

  [Step S1102] The user inputs biological information using the biological sensor 18.

  [Step S1103] The portable terminal 1 transmits the biological information acquired from the user to the IC chip 3 via the IC chip communication unit 13.

  [Step S1104] The IC chip 3 performs biometric authentication using the biometric information acquired from the mobile terminal 1. Specifically, the similarity between the registered biometric information managed as the user authentication registration data 113 and the acquired biometric information is calculated based on a predetermined algorithm, and if the similarity is greater than a predetermined threshold, the user Judge that authentication was successful. Alternatively, if the similarity is smaller than a predetermined threshold, it is determined that user authentication has failed.

  [Step S1105] When user authentication by biometric authentication is successful, the IC chip 3 refers to the event management table 115 and determines an increase / decrease value of the user reliability information 114. Then, the user reliability information 114 is changed or updated by adding (or subtracting) the determined increase / decrease value to the user reliability information 114.

  For example, in the example described with reference to FIG. 3, when user authentication by biometric authentication is successful, 10 is added to the user reliability information 114. Thereafter, the IC chip 3 changes or updates the user authentication flag 116 based on the result of user authentication by biometric authentication. Note that if the user authentication flag 116 already indicates that “user authentication by biometric authentication has succeeded”, the user reliability information 114 may be changed or not updated, and is within the scope of application of the present invention. .

  [Step S1106] The IC chip 3 returns the result of user authentication by biometric authentication to the mobile terminal 1.

  [Step S1107] The mobile terminal 1 displays or notifies the user of the result of user authentication by biometric authentication using the user display unit 16.

  [Step S1108] When user authentication by biometric authentication is successful, the mobile terminal 1 starts monitoring the event that occurs in the mobile terminal 1 by starting the event monitoring program 102.

With the processing steps described above, it is possible to perform user authentication using biometric authentication before the settlement process using the mobile terminal 1 is performed. In addition, if user authentication using biometric authentication is successful, an event that may increase the possibility of unauthorized use of the mobile terminal 1 before the settlement process is started by monitoring the event that occurs in the mobile terminal 1. It is possible to detect the occurrence of
(9) Event Monitoring Processing FIG. 8 shows processing steps between the mobile terminal 1 and the IC chip 3 for monitoring an event that occurs in the mobile terminal 1 and notifying signals and information indicating the event. ing. In the following description, the event monitoring program 102 is mainly executed for processing performed by the mobile terminal 1, and the user authentication processing program 111 is mainly executed for processing performed by the IC chip 3.

  [Step S2001] When the user authentication is successful, the portable terminal 1 starts an event monitoring process. First, referring to the event setting table 104, a sensor necessary for monitoring an effective event is selected.

  For example, select timer 19 to monitor a “timer notification” event, select acceleration sensor 20 to monitor a “fall detection” event, and position to monitor a “position movement detection” event. The information detection unit 21 is selected. If there are a plurality of valid events in the event setting table 104, a plurality of corresponding sensors are selected.

  [Step S2002] The portable terminal 1 starts measurement of a predetermined physical quantity and state using each selected sensor. Then, it waits until the measured physical quantity or state satisfies the event generation condition set as the setting value 213 of the event setting table 104.

  [Step S2003] When the mobile terminal 1 detects the occurrence of the monitored event using the selected sensor, the mobile terminal 1 transmits the identifier of the generated event to the IC chip 3 via the IC chip communication unit 13.

  [Step S2004] When receiving the identifier of the event that has occurred via the contact communication unit 33, the IC chip 3 refers to the event management table 115 and determines an increase / decrease value of the user reliability corresponding to the event that has occurred.

  [Step S2005] The IC chip 3 adds (or subtracts) the determined increase / decrease value of the user reliability information in order to change or update the user reliability information 114. In addition, if the user reliability information 114 becomes a predetermined value (for example, 0) or less, the user authentication flag 116 is changed to a state indicating that “all user authentication has not been performed”. deep. Then, the IC chip 3 notifies the mobile terminal 1 that the processing is completed via the contact communication unit 33.

  [Step S2006] The portable terminal 1 returns to step S2002 and continues the event monitoring process.

Through the processing steps described above, the mobile terminal 1 detects the occurrence of an event that is likely to be fraudulent from the successful user authentication process to the settlement process, and notifies the IC chip 3 of the occurrence. The IC chip 3 can change or update the user reliability information 114 according to the notified event.
(10) Payment processing using a mobile terminal (when new user authentication is not required)
FIG. 9 shows a first example of payment processing steps performed between the IC chip 3 inside the mobile terminal 1 and the payment terminal 5. This processing step corresponds to the case where the user reliability information 114 managed by the IC chip 3 is sufficient to make a payment and no new user authentication is required. In the following description, the processing performed by the IC chip 3 is mainly executed by the payment processing program 112, and the processing performed by the payment terminal 5 is mainly executed by the payment terminal control program 121.

  [Step S3000] The user holds the mobile terminal 1 over the antenna 54 of the payment terminal 5 in order to make a payment.

  [Step S3001] The settlement terminal 5 controls the non-contact IC card communication unit 53 to periodically transmit a command to start communication with the IC chip 3, and when the portable terminal 1 is held over the antenna 54, The IC chip 3 responds to the communication start request command. Thereby, non-contact communication is started between the settlement terminal 5 and the IC chip 3. Thereafter, predetermined device authentication is executed between the payment terminal 5 and the IC chip 3 by non-contact communication.

  Here, the device authentication is processing in which one or both of the payment terminal 5 and the IC chip 3 authenticates that the communication partner is a legitimate device, and is realized using cryptographic processing. As an encryption algorithm used for device authentication, it is conceivable to use, for example, DES encryption of a common key encryption method or RSA encryption of a public key encryption method. Alternatively, other cryptographic algorithms may be used within the scope of the present invention.

  [Step S3002] When the device authentication is successful, the payment terminal 5 transmits a user reliability information acquisition request to the IC chip 3.

  [Step S3003] Upon receiving the user reliability information acquisition request from the payment terminal 5, the IC chip 3 transmits the user reliability information 114 to the payment terminal 5 if the device authentication is successful.

  Here, the IC chip 3 transmits the user reliability information 114 only to a legitimate counterpart device that has been successfully authenticated. This is because if the IC chip 3 outputs the user reliability information 114 unconditionally to the outside, if the mobile terminal 1 is stolen by an attacker, an attack hint (even without new user authentication) This is because there is a possibility of giving a settlement.

  Further, the IC chip 3 encrypts the user reliability information 114 and adds the alteration detection data to the payment terminal 5 in order to prevent wiretapping and alteration of the data.

  Here, as a falsification detection data generation algorithm, for example, a MAC (Message Authentication Code) algorithm using a common key cryptosystem or a hash function may be used. Alternatively, even if falsification detection data is generated based on another algorithm, it is within the scope of the present invention.

  In addition, as encryption key data used for generation of encryption processing and falsification detection data, a value stored in advance in the IC chip 3 may be used, or a value temporarily generated by device authentication performed earlier is used. May be.

  [Step S3004] Upon receiving the encrypted user reliability information 114, the settlement terminal 5 performs a decryption process and a verification process of the falsification detection data. If the falsification detection data is successfully verified, it is determined that the user reliability information 114 acquired from the IC chip 3 is a valid value.

  Here, as the encryption key data used for the decryption processing and the tamper detection data verification, a value stored in the payment terminal 5 in advance may be used, or a value temporarily generated by the device authentication performed previously may be used. It may be used.

  [Step S3005] The settlement terminal 5 refers to the reliability threshold value table 122 to determine a reliability threshold value. For example, as described with reference to FIG. 4, the reliability threshold value is determined according to the settlement amount. If the user reliability information 114 is equal to or higher than the threshold value, it is determined that new user authentication is unnecessary.

  [Step S3006] When the payment terminal 5 determines that a new user authentication is not required, the payment terminal 5 transmits information indicating a notification of payment execution to the IC chip 3.

  [Step S3007] When receiving the information indicating the payment execution notification from the payment terminal 5, the IC chip 3 subtracts the user reliability information 114 by a predetermined value. For example, in the example shown in FIG. 3, when the “payment execution” event occurs, the user reliability information 114 is decremented by 10, and the next user authentication process is required when performing the payment process. It is trying to become.

  Here, if the user reliability information 114 falls below a predetermined value (for example, 0), the user authentication flag 116 is changed to a state indicating that “all user authentication has not been performed”. Keep it.

  [Step S3008] Payment processing is performed between the payment terminal 5 and the IC chip 3 using non-contact communication.

Through the processing steps described above, the payment terminal 5 can determine whether or not a new user authentication is necessary using the user reliability information 114 acquired from the IC chip 3, and the user reliability information. If 114 is sufficient to make a payment, a new user authentication process is not required. As a result, the user can make payment quickly, and convenience is improved.
(11) Payment processing using a mobile terminal (when new user authentication is required)
FIG. 10 shows a second embodiment of a payment processing step performed between the IC chip 3 inside the mobile terminal 1 and the payment terminal 5. This processing step corresponds to a case where the user reliability information 114 managed by the IC chip 3 is insufficient to make a payment and new user authentication is required.

  In the following description, the processing performed by the IC chip 3 is mainly executed by the payment processing program 112, and the processing performed by the payment terminal 5 is mainly executed by the payment terminal control program 121.

  [Step S4000] The user holds the mobile terminal 1 over the antenna 54 of the payment terminal 5 in order to make a payment.

  [Step S4001] The settlement terminal 5 controls the non-contact IC card communication unit 53 to periodically transmit a communication start request command with the IC chip 3, and the portable terminal 1 is held over the antenna 54. The IC chip 3 controls the non-contact communication unit 34 and responds to the communication start request command. Thereby, non-contact communication is started between the settlement terminal 5 and the IC chip 3. Thereafter, predetermined device authentication is executed between the payment terminal 5 and the IC chip 3 by non-contact communication.

  [Step S4002] When the device authentication is successful, the payment terminal 5 transmits a user reliability information acquisition request to the IC chip 3 by non-contact communication.

  [Step S4003] Upon receiving the user reliability information acquisition request from the payment terminal 5, the IC chip 3 encrypts the user reliability information 114 and transmits the alteration detection data if the device authentication is successful. In addition, a reply is made to the payment terminal 5 by non-contact communication.

  [Step S4004] Upon receiving the encrypted user reliability information 114, the settlement terminal 5 performs a decryption process and a verification process of the falsification detection data. If the falsification detection data is successfully verified, it is determined that the user reliability information 114 acquired from the IC chip 3 is a valid value.

  [Step S4005] The settlement terminal 5 refers to the reliability threshold value table 122 to determine a reliability threshold value. If the user reliability information 114 is less than the threshold value, it is determined that new user authentication is necessary.

  [Step S4006] When the payment terminal 5 determines that a new user authentication is required, the user authentication request information (however, shown as a user authentication request in the drawing) is not contacted with the IC chip 3. Send by communication.

  [Step S4007] When the IC chip 3 receives the user authentication request from the settlement terminal 5 by non-contact communication, the IC chip 3 transmits the user authentication request to the mobile terminal 1 via the contact communication unit 33.

  [Step S4008] When the mobile terminal 1 obtains a user authentication request via the IC chip communication unit 13, the mobile terminal 1 notifies the user that a new user authentication is required or executes a new user authentication. Send information that indicates

  If the user permits new user authentication, the PIN verification described with reference to FIG. 6 or the biometric authentication described with reference to FIG. 7 is performed. For example, it may be possible to display the series of screens described in FIG. 5 on the user display unit 16 of the mobile terminal 1.

  If the payment terminal 5 determines that the user reliability information 114 acquired from the IC chip 3 is not a sufficient value for performing the payment by the processing steps described above, a new user authentication process is performed on the IC chip. Request. This makes it possible to reduce the risk of unauthorized use due to impersonation and improves security.

  Here, as described with reference to FIG. 8, as a result of the IC chip 3 changing the user reliability information 114 according to the event notified from the mobile terminal 1, the user reliability information 114 is predetermined. The IC chip 3 may be controlled so as to stop the function of the entire IC chip 3 when the value becomes equal to or less than the value (for example, 0).

Alternatively, the IC chip 3 may be controlled so that user authentication using the IC chip 3 cannot be executed. In this case, the payment terminal 5 cannot communicate with the IC chip 3 or cannot perform user authentication. As a result, when the possibility of loss or theft of the mobile terminal 1 increases, the risk of unauthorized use of the IC chip 3 can be further reduced.
(12) Modification of the present embodiment In the above description, the payment terminal 5 has determined whether or not a new user authentication is necessary during the payment process. It is good also as a structure which determines the necessity of this.

  FIG. 11 in which the same reference numerals are assigned to the parts corresponding to those in FIG.

In FIG. 11, the reliability threshold value table 122 is stored in the memory 31 mounted on the IC chip 3. As a result, the IC chip 3 determines the reliability threshold by referring to the reliability threshold table 122 at the time of the settlement process, and compares the threshold with the user reliability information 114 to perform a new user authentication. It becomes possible to determine necessity.
(13) Effects of the Embodiment As described above, by using the mobile terminal 1, the IC chip 3, and the payment terminal 5 according to the present embodiment, the result of the user authentication executed prior to the payment process and the payment are executed. In consideration of the events that have been likely to increase the possibility of unauthorized use of IC chips, the current user reliability information is determined, and based on such user reliability information, a new This makes it possible to determine whether or not a user authentication is necessary. Thereby, the possibility that the IC chip is illegally used can be reduced without impairing the convenience of the user.

It is a block diagram which shows the structure of the payment system in this Embodiment. It is a block diagram of the event setting table shown in FIG. It is a block diagram of the event management table shown in FIG. It is a block diagram of the reliability threshold value table shown in FIG. It is a conceptual diagram which shows the example of a screen which the portable terminal shown in FIG. 1 displays. It is a sequence diagram which shows the flow of the user authentication process using PIN collation. It is a sequence diagram which shows the flow of the user authentication process using biometric authentication. It is a sequence diagram which shows the flow of the event monitoring process. It is a sequence diagram which shows the flow of the payment process which does not require new user authentication. It is a sequence diagram which shows the flow of the payment process in which new user authentication is required. It is a block diagram which shows the structure of the payment system which is a modification of this Embodiment.

Explanation of symbols

1 ... mobile terminal, 3 ... IC chip, 5 ... payment terminal,
11 ... Memory, 12 ... Mobile terminal control unit, 13 ... IC chip communication unit, 14 ... Wireless communication unit
15 ... User authentication start button, 16 ... User display, 17 ... User operation, 18 ... Biosensor
19 ... Timer, 20 ... Acceleration sensor, 21 ... Position information detection unit, 22 ... Power supply control unit, 23 ... Antenna
31 ... Memory, 32 ... IC chip control unit, 33 ... Contact communication unit, 34 ... Non-contact communication unit,
35 ... Cryptographic processing part, 36 ... Power supply control part, 37 ... Antenna,
51 ... Memory, 52 ... Payment terminal control unit, 53 ... Non-contact IC card communication unit, 54 ... Antenna,
100 ... operating system, 101 ... mobile terminal control program, 102 ... event monitoring program,
103 ... mobile terminal control data, 104 ... event setting table,
110 ... Operating system, 111 ... User authentication processing program, 112 ... Payment processing program,
113: User authentication registration information (user authentication registration data), 114: User reliability information, 115: Event management table,
116: User authentication flag, 117: Payment related information,
121 ... Payment terminal control program, 122 ... Reliability threshold table

Claims (14)

A semiconductor device that is mounted on a portable terminal equipped with a timer for measuring time or a sensor for detecting predetermined physical information, and performs settlement or authentication with an information terminal,
The semiconductor element is
A non-contact communication unit that performs non-contact communication with the information terminal;
A contact communication unit that performs contact communication with the mobile terminal;
A storage unit for storing information;
At least the non-contact communication unit, the contact communication unit, and a semiconductor element control unit that controls the storage unit,
Storing user authentication registration information, which is information as a user of the mobile terminal, in the storage unit;
Storing user reliability information corresponding to the degree of similarity between the information related to authentication input to the mobile terminal and the user authentication registration information in the storage unit;
A semiconductor element characterized in that the user reliability information is changed after receiving state change notification information indicating a change in output of the timer or the sensor from the portable terminal. In the semiconductor device according to claim 1,
The semiconductor element performs settlement or authentication with the information terminal after the semiconductor element transmits the user reliability information to the information terminal. In the semiconductor device according to claim 1,
The state change notification information received from the mobile terminal is:
Detecting that a predetermined time has elapsed since the mobile terminal performed the previous authentication process;
Alternatively, it is detected that a predetermined acceleration is applied to the mobile terminal,
Alternatively, it is information indicating that it has been detected that the position of the mobile terminal has moved a value indicating a predetermined distance. In the semiconductor device according to claim 1,
The semiconductor element has a user authentication unit for authenticating a user,
After receiving user authentication request information from the mobile terminal, the user authentication unit performs an operation using information related to authentication input to the mobile terminal and the user authentication registration information,
A semiconductor element characterized in that the user reliability information is changed after the calculation output. In the semiconductor device according to claim 1,
The semiconductor element changes the user reliability information after receiving a notification not to perform authentication from the information terminal. In the semiconductor device according to claim 1,
The semiconductor element transmits user authentication request information to the mobile terminal after receiving a notification to execute authentication from the information terminal. In the semiconductor device according to claim 1,
Storing in the storage unit a reliability threshold table in which threshold information corresponding to a security level referred to in settlement or authentication is set;
Comparing the user reliability information with the threshold value set in the reliability threshold value table, it is determined whether or not it is necessary to execute authentication. A mobile terminal equipped with a semiconductor element having a non-contact communication unit, a contact communication unit, and a user authentication unit for authenticating a user,
The semiconductor element is
A storage unit for storing user reliability information corresponding to a degree of similarity between the user authentication registration information and the user authentication registration information;
The portable terminal is
A timer for measuring time or a sensor for detecting predetermined physical information;
A semiconductor element communication unit that performs contact communication with the semiconductor element;
A storage unit for storing a program or information for controlling the portable terminal,
An event setting table for setting physical information to be monitored using the timer or the sensor is stored in the storage unit,
The portable terminal monitors the state of the portable terminal set in the event setting table after successful user authentication using the semiconductor element, and when the state change of the portable terminal occurs, the semiconductor Sending state change notification information of the mobile terminal to the element ;
The mobile terminal , wherein the semiconductor element changes the user reliability information based on the state change notification information . In the mobile terminal according to claim 8,
The mobile terminal includes a timer for detecting that a predetermined time has elapsed,
A portable terminal that monitors the passage of a predetermined time using the timer after referring to the information set in the event setting table In the mobile terminal according to claim 8,
The portable terminal is equipped with an acceleration sensor that detects that a predetermined acceleration has been applied, and after referring to the information set in the event setting table, monitoring that the predetermined acceleration has been applied using the acceleration sensor A mobile terminal characterized by In the mobile terminal according to claim 8,
The portable terminal includes a position information detection unit that detects a position, and monitors the position using the position information detection unit after referring to information set in the event setting table. An information terminal for performing settlement or authentication between a non-contact communication unit and a semiconductor element having a user authentication unit for authenticating a user,
The information terminal
A non-contact communication unit that performs non-contact communication with the semiconductor element;
A storage unit for storing information,
Storing the a threshold of the user reliability information about the user of the semiconductor device, a reliability threshold table information threshold is set corresponding to the security level that is referenced by payment or authentication in the storage unit,
After receiving the user reliability information updated by the state change notification information of the mobile terminal equipped with the semiconductor element from the semiconductor element ,
An information terminal that compares the user reliability information with the threshold and determines whether or not to perform authentication In the information terminal according to claim 12,
The information terminal is configured to notify the semiconductor element that authentication is not performed when the user reliability information is equal to or greater than the threshold value. In the information terminal according to claim 12,
The information terminal is configured to notify the semiconductor element to perform authentication when the user reliability information is less than the threshold value.

Images