JP6044224B2 - Terminal device, program, and communication device - Google Patents

Description

  The present disclosure relates to a terminal device, a program, and a communication device.

  In recent years, settlement of transactions that do not use cash has become widespread. For example, settlement is performed using a credit card, a debit card, a prepaid card or the like.

  For example, in credit card payment at a store, the card information (card information, expiration date, etc.) of the user's credit card is read by a CAT (Credit Authorization Terminal) arranged at the store of the member store, and the card information Is sent to the payment server. Further, when the user inputs a password to the CAT, the password is also transmitted to the settlement server. Then, settlement processing is performed by the settlement server. Further, for example, in credit card payment in online shopping, a user inputs card information with a PC (Personal Computer), and the card information is transmitted to a payment server. Further, when the user inputs a personal identification number on the PC, the personal identification number is also transmitted to the settlement server. Then, settlement processing is performed by the settlement server. Various techniques have been proposed to enhance the convenience of these settlements.

  For example, in Patent Document 1, a card reader provided in a mobile phone terminal reads card information, and the mobile phone terminal transmits the card information to a payment server, thereby improving the convenience of online shopping using a credit card. Techniques for enhancing are disclosed.

JP 2002-15263 A

  However, in the conventional technology, there is a possibility that the card information (card information, expiration date, etc.) of the user's credit card, the personal identification number, etc. will leak to the store side of the member store. For example, card information may be accumulated by an apparatus (for example, CAT) arranged in a store of a member store, and the card information may be illegally obtained. For example, skimming may be performed in a separate room by a malicious store clerk who keeps a card from a user. As in the above example, there is a concern that the information on the user side used for settlement of the transaction leaks to the store side in the transaction at the store.

  Therefore, it is desirable to provide a mechanism that makes it possible to conceal information on the user side used for settlement of the transaction in the store at the store side.

According to the present disclosure, an acquisition unit that acquires payment information including user identification information for uniquely identifying the user in payment of a transaction between a user and a member store, and the payment information An encryption unit for encryption, a providing unit for providing the encrypted payment information to the member store apparatus, and key information for decrypting the encrypted payment information are made available. There is provided a terminal device including a communication unit that transmits information and transaction identification information for uniquely identifying the transaction to another device that performs the decryption. The encrypted settlement information is transmitted together with the transaction identification information by the device of the member store to the other device and decrypted by the other device using the key information.

  The payment information may further include authentication information for authenticating the user.

  The information for making the key information available may be the key information.

  Further, the information for making the key information usable is information for making the key identification information for uniquely identifying the key information, and the key information is stored in association with the key identification information. The key identification information may be used to obtain the information by the other device.

  The key identification information may be the user identification information or the other user identification information.

  The information for making the key information available may be the key identification information.

  Further, the information for making the key information usable is identification information that can be used under a predetermined condition, and may be the identification information for uniquely identifying the key identification information. Good.

  The predetermined condition may include a time condition during which the identification information can be used.

  The predetermined condition may include a condition for the number of times that the identification information can be used.

  The predetermined condition may include a condition of an area where the identification information can be used.

  In addition, the communication unit may transmit information for making the key information available to the other device via a wireless communication network of a communication carrier that provides a wireless communication service to the terminal device.

  The user identification information may be card information of a card used for the payment.

In addition, according to the present disclosure, the computer that controls the terminal device obtains payment information including user identification information for uniquely identifying the user in the transaction payment between the user and the member store. And an encryption unit for encrypting the payment information, and the terminal device is controlled so as to provide the encrypted payment information to the member store device, and the encrypted The terminal device so that the key information for decrypting the settlement information and the transaction identification information for uniquely identifying the transaction are transmitted to another device that performs the decryption. And a program for causing the program to function as a control unit. The encrypted settlement information is transmitted together with the transaction identification information by the device of the member store to the other device and decrypted by the other device using the key information.

Further, according to the present disclosure, the payment information including the user identification information for uniquely identifying the user in the settlement of the transaction between the user and the member store, which is encrypted by the terminal device. When the payment information is provided to the member store device, the encrypted payment information and transaction identification information for uniquely identifying the transaction are received from the member store device. Information that enables use of the key information for decrypting the encrypted payment information , a communication unit that receives the transaction identification information from the terminal device, and the encrypted payment information And a decryption unit that decrypts the content using the key information.

  In addition, according to the present disclosure, the step of acquiring payment information including user identification information for uniquely identifying the user in the payment of a transaction between the user and the member store, and the payment information Encrypting the payment information to the member store device, and enabling the use of key information for decrypting the encrypted payment information. And transmitting to another device that performs the decoding. The encrypted settlement information is transmitted to the other device by the device of the member store, and decrypted by using the key information by the other device.

  Further, according to the present disclosure, it is settlement information including user identification information for uniquely identifying the user in the settlement of the transaction between the user and the member store, which is encrypted by the terminal device. When the payment information is provided to the member store device, the encrypted payment information is received from the member store device, and the encrypted payment information is decrypted. An information processing method is provided that includes receiving information for making the key information available from the terminal device and decrypting the encrypted payment information using the key information.

  As described above, according to the present disclosure, it is possible to conceal the information on the user side used for the settlement of the transaction in the store at the store side.

It is explanatory drawing which shows an example of the schematic structure of the information processing system which concerns on 1st Embodiment. It is a block diagram which shows an example of a structure of the terminal device which concerns on 1st Embodiment. It is a block diagram which shows an example of a structure of the member store apparatus which concerns on 1st Embodiment. It is a block diagram which shows an example of a structure of the payment server which concerns on 1st Embodiment. It is a sequence diagram which shows an example of the schematic flow of the information processing which concerns on 1st Embodiment. It is explanatory drawing which shows an example of the schematic structure of the information processing system which concerns on 2nd Embodiment. It is a block diagram which shows an example of a structure of the terminal device which concerns on 2nd Embodiment. It is a block diagram which shows an example of a structure of the payment server which concerns on 2nd Embodiment. It is a sequence diagram which shows an example of the schematic flow of the information processing which concerns on 2nd Embodiment. It is explanatory drawing which shows an example of the schematic structure of the information processing system which concerns on 3rd Embodiment. It is a block diagram which shows an example of a structure of the terminal device which concerns on 3rd Embodiment. It is a block diagram which shows an example of a structure of the one-time ID management server which concerns on 3rd Embodiment. It is a block diagram which shows an example of a structure of the payment server which concerns on 3rd Embodiment. It is a sequence diagram which shows an example of the schematic flow of the information processing which concerns on 3rd Embodiment. It is a sequence diagram which shows an example of the schematic flow of the one-time ID issuing process which concerns on 3rd Embodiment. It is explanatory drawing which shows an example of the schematic structure of the information processing system which concerns on 4th Embodiment. It is a block diagram which shows an example of a structure of the mediation server which concerns on 4th Embodiment. It is a block diagram which shows an example of a structure of the payment server which concerns on 4th Embodiment. It is a sequence diagram which shows an example of the schematic flow of the information processing which concerns on 4th Embodiment.

  Hereinafter, preferred embodiments of the present disclosure will be described in detail with reference to the accompanying drawings. In addition, in this specification and drawing, about the component which has the substantially same function structure, duplication description is abbreviate | omitted by attaching | subjecting the same code | symbol.

  Thereafter, <<<< 1. First Embodiment >>>> << 2. Second embodiment >>, <<<< 3. Third Embodiment >>>> <<<< 4. Embodiment of this indication is described in order of 4th Embodiment >>>.

<<<< 1. First embodiment >>
First, a first embodiment of the present disclosure will be described. Thereafter, << 1.1. Configuration of information processing system >>, << 1.2. Configuration of each device >>, << 1.3. The first embodiment will be described in the order of process flow >>.

<< 1.1. Configuration of information processing system >>
First, a schematic configuration of an information processing system according to the first embodiment will be described with reference to FIG. FIG. 1 is an explanatory diagram illustrating an example of a schematic configuration of the information processing system according to the first embodiment. Referring to FIG. 1, the information processing system includes a terminal device 100-1, a member store device 200, and a settlement server 300-1.

  As an example, the information processing system is a system for performing a credit card settlement. In this case, for example, the terminal device 100-1 is a smartphone used by a credit card user, the member store device 200 is a CAT placed in a store of a credit card member store, and the payment server 300 Reference numeral -1 denotes a server that performs credit card settlement processing.

  The terminal device 100-1 communicates with the settlement server 300-1 via, for example, the wireless communication network 10 of a communication provider that provides a wireless communication service to the terminal device 100-1. For example, the terminal device 100-1 communicates with the settlement server 300-1 via the Internet 20 in addition to the wireless communication network 10. Moreover, the member store apparatus 200 communicates with the payment server 300-1 via the internet 20, for example. Further, the terminal device 100-1 and the member store device 200 perform any communication other than wireless communication in the network 10, for example.

  When a transaction is performed at a member store, payment information (for example, card information, password, etc.) is encrypted by the terminal device 100-1. Then, the encrypted settlement information is provided to the member store apparatus 200. Then, the encrypted payment information is transmitted to the payment server 300-1 by the member store apparatus 200. In addition, key information for decrypting the payment information is transmitted to the payment server 300-1 by the terminal device 100-1. Then, the encrypted payment information is decrypted by the payment server 300-1 using the key information.

  That is, in the first embodiment, the apparatus for decrypting the encrypted payment information is the payment server 300-1. Then, the key information itself is transmitted from the terminal device 100-1 to the settlement server 300-1 as information that enables the use of key information for decrypting the encrypted settlement information.

  Hereinafter, << 1.2. Configuration of each device >> and << 1.3. More specific contents will be described in the flow of processing >>.

<< 1.2. Configuration of each device >>
Next, the configuration of each of the terminal device 100-1, the member store device 200, and the settlement server 300-1 according to the first embodiment will be described with reference to FIGS.

<1.2.1. Configuration of terminal device>
An example of the configuration of the terminal device 100-1 will be described with reference to FIG. FIG. 2 is a block diagram illustrating an example of the configuration of the terminal device 100-1 according to the first embodiment. Referring to FIG. 2, the terminal device 100-1 includes a short-range communication unit 110, a long-range communication unit 120, a storage unit 130, an input unit 140, and a processing unit 150.

(Short-range communication unit 110)
The short-range communication unit 110 provides information to the member store apparatus 200. In particular, when the payment information is encrypted by the processing unit 150 as described later, the short-range communication unit 110 provides the encrypted payment information to the member store apparatus 200. As an example, the short-range communication unit 110 transmits the encrypted payment information to the member store apparatus 200 by NFC (Near Field Communication).

  For example, the short-range communication unit 110 acquires information from the member store apparatus 200. Specifically, for example, the short-range communication unit 110 uses transaction identification information (hereinafter referred to as “transaction ID”) for uniquely identifying a transaction between a user and a member store as the member store device 200. Get from. As an example, the short-range communication unit 110 receives a transaction ID from the member store apparatus 200 by NFC.

  Note that the short-range communication unit 110 may transmit and receive information by another wireless communication such as infrared communication or wireless LAN (Local Area Network) communication instead of NFC. Further, the short-range communication unit 110 may transmit and receive information by wired communication.

  Further, the short-range communication unit 110 may provide the encrypted payment information to the member store apparatus 200 by displaying a code including the encrypted payment information. In this case, the member store apparatus 200 reads the displayed code. When a code including a transaction ID is displayed by the member store apparatus 200, the short-range communication unit 110 may acquire the transaction ID by reading the code. The code is, for example, a QR (Quick Response) code (registered trademark) or a barcode.

(Long distance communication unit 120)
The long distance communication unit 120 communicates with the settlement server 300-1. In particular, in the first embodiment, the long-range communication unit 120 transmits key information for decrypting the encrypted payment information to the payment server 300-1. For example, the long distance communication unit 120 transmits the transaction ID together with the key information to the settlement server 300-1.

  For example, the long-distance communication unit 120 transmits the key information to the settlement server 300-1 via the wireless communication network 10 of a communication carrier that provides a wireless communication service to the terminal device 100-1. The long-distance communication unit 120 also transmits a transaction ID to the settlement server 300-1 via the wireless communication network 10.

  In other words, in the first embodiment, the long distance communication unit 120 transmits the key information and the transaction ID to the settlement server 300-1 via the wireless communication network 10.

  The long-distance communication unit 120 may not directly transmit the key information and the transaction ID to the payment server 300-1. That is, the long-distance communication unit 120 transmits the key information and the transaction ID indirectly to the payment server 300-1 by transmitting the key information and the transaction ID to another device that transfers information to the payment server 300-1. May be sent to.

(Storage unit 130)
The storage unit 130 stores a program and data for the operation of the terminal device 100-1. The storage unit 130 includes a storage medium such as a hard disk or a semiconductor memory.

  Specifically, the storage unit 130 stores information that enables use of key information for decrypting the encrypted payment information. That is, in the first embodiment, the storage unit 130 stores the key information.

  Further, for example, the storage unit 130 stores user identification information for uniquely identifying the user in the settlement of the transaction between the user and the member store. The said user identification information is card information of the card | curd used for the settlement of the transaction between a user and a member store, for example. The card information includes, for example, a card number for uniquely identifying the user. The card information further includes, for example, a card expiration date.

(Input unit 140)
The input unit 140 acquires information according to the input operation.

  Specifically, for example, the input unit 140 acquires card information in response to an input operation of card information. As an example, the card information includes a card number and an expiration date. That is, the input unit 140 acquires a card number and an expiration date in response to a user's input operation of the card number and the expiration date. The acquired card information is stored in the storage unit 130.

  For example, the input unit 140 acquires authentication information in response to an input operation of authentication information for authenticating the user. As an example, the authentication information is a personal identification number. That is, the input unit 140 acquires a password in response to a password input operation by the user.

  The input unit 140 includes, for example, a touch detection surface of a touch panel. Note that the input unit 140 may include buttons, a keyboard, a switch, a lever, and the like instead of or in addition to the touch detection surface.

(Processing unit 150)
The processing unit 150 provides various functions of the terminal device 100-1. For example, the processing unit 150 corresponds to a processor such as a CPU or a DSP, and provides the various functions described above by executing a program stored in the storage unit 130 or another storage medium. The processing unit 150 includes a payment information acquisition unit 151, an encryption unit 153, and a control unit 155.

(Settlement information acquisition unit 151)
The payment information acquisition unit 151 acquires payment information including user identification information for uniquely identifying the user in the payment of the transaction between the user and the member store.

  For example, the payment information acquisition unit 151 acquires the user identification information from the storage unit 130 that stores the user identification information. The said user identification information is card information of the card | curd used for the settlement of the transaction between a user and a member store, for example.

  For example, the payment information further includes authentication information for authenticating the user. In this case, the payment information acquisition unit 151 acquires the authentication information from the input unit 140 that acquires the authentication information, for example. The authentication information is, for example, a personal identification number.

  As described above, the payment information acquisition unit 151 acquires payment information by acquiring each piece of information included in the payment information.

(Encryption unit 153)
The encryption unit 153 encrypts the payment information.

  For example, the encryption unit 153 encrypts the payment information using a common key encryption method. In this case, the key information for decrypting the encrypted payment information is a common key of a common key cryptosystem. That is, the encryption unit 153 encrypts the payment information using the key information that is an encryption key.

  The encryption unit 153 may encrypt the payment information using a public key cryptosystem. In this case, the encryption unit 153 may encrypt the payment information using a public key, and the key information may be a secret key corresponding to the public key.

(Control unit 155)
The control unit 155 controls the terminal device 100-1 so as to provide the encrypted settlement information to the member store device 200. More specifically, for example, the control unit 155 causes the short-range communication unit 110 to provide the encrypted settlement information to the member store apparatus 200.

  In addition, the control unit 155 controls the terminal device 100-1 to transmit key information for decrypting the encrypted payment information to the payment server 300-1. Specifically, for example, the control unit 155 causes the long distance communication unit 120 to transmit the key information to the settlement server 300-1. For example, the control unit 155 causes the long-distance communication unit 120 to transmit the transaction ID together with the key information to the settlement server 300-1.

<1.2.2. Configuration of member store equipment>
Next, an example of the configuration of the member store apparatus 200 will be described with reference to FIG. FIG. 3 is a block diagram illustrating an example of the configuration of the member store apparatus 200 according to the first embodiment. Referring to FIG. 3, the member store apparatus 200 includes a short distance communication unit 210, a long distance communication unit 220, a storage unit 230, an input unit 240, and a processing unit 250.

(Short-range communication unit 210)
The short-range communication unit 210 acquires information from the terminal device 100-1. In particular, when the payment information encrypted by the terminal device 100-1 is provided to the member store apparatus 200, the short-range communication unit 210 acquires the encrypted payment information. As an example, the short-range communication unit 210 receives encrypted payment information from the member store apparatus 200 by NFC.

  The short-range communication unit 210 provides information to the terminal device 100-1. Specifically, for example, transaction identification information (that is, transaction ID) for uniquely identifying a transaction between a user and a member store is processed by a processing unit 250 (transaction ID issuing unit 251) as will be described later. When issued, the short-range communication unit 210 provides the transaction ID to the terminal device 100-1. As an example, the short-range communication unit 210 transmits the transaction ID to the terminal device 100-1 by NFC.

  Note that the short-range communication unit 210 may transmit and receive information by another wireless communication such as infrared communication or wireless LAN communication instead of NFC. Further, the short-range communication unit 210 may transmit and receive information by wired communication.

  Further, when the code including the encrypted payment information is displayed by the terminal device 100-1, the short-range communication unit 210 obtains the encrypted payment information by reading the code. May be. Further, the short-range communication unit 210 may provide the transaction ID to the terminal device 100-1 by displaying a code including the transaction ID. In this case, the terminal device 100-1 reads the code. The code is, for example, a QR code (registered trademark) or a barcode.

(Long distance communication unit 220)
The long distance communication unit 220 communicates with the settlement server 300-1. In particular, the encrypted payment information is transmitted to the payment server 300-1 by the member store apparatus 200. That is, the long-distance communication unit 220 transmits the encrypted payment information provided by the terminal device 100-1 to the payment server 300-1.

  Further, for example, the encrypted payment information is transmitted together with the transaction ID by the member store apparatus 200 to the payment server 300-1. In other words, the long distance communication unit 220 transmits the transaction ID together with the encrypted payment information to the payment server 300-1. The long-distance communication unit 220 transmits the transaction information to the settlement server 300-1 together with the encrypted settlement information and transaction ID. As will be described later, the transaction ID is issued by the processing unit 250 (transaction ID issuing unit 251), and the transaction information is acquired by the processing unit 250 (transaction information acquiring unit 253).

  Further, for example, the long distance communication unit 220 transmits the encrypted payment information to the payment server 300-1 via the Internet 20. The long-distance communication unit 220 also transmits a transaction ID and transaction information to the settlement server 300-1 via the Internet 20.

  That is, in the first embodiment, the long-distance communication unit 220 transmits the encrypted payment information, transaction ID, and transaction information to the payment server 300-1 via the Internet 20.

  Note that the long-distance communication unit 220 may not directly transmit the encrypted payment information, transaction ID, and transaction information to the payment server 300-1. That is, the long-distance communication unit 220 transmits the encrypted payment information, the transaction ID, and the transaction information to another device that transfers information to the payment server 300-1, thereby encrypting the payment. The business information, transaction ID, and transaction information may be indirectly transmitted to the settlement server 300-1.

(Storage unit 230)
The storage unit 230 stores a program and data for the operation of the member store apparatus 200. The storage unit 230 includes a storage medium such as a hard disk or a semiconductor memory.

  For example, the storage unit 230 stores store identification information (hereinafter referred to as “store ID”) for identifying a store in which the member store device 200 is installed.

(Input unit 240)
The input unit 240 acquires information according to the input operation.

  Specifically, for example, the input unit 240 acquires money amount information indicating the payment amount of the transaction in response to an input operation of the payment amount of the transaction.

(Processing unit 250)
The processing unit 250 provides various functions of the member store apparatus 200. For example, the processing unit 250 corresponds to a processor such as a CPU or a DSP, and provides the various functions described above by executing a program stored in the storage unit 230 or another storage medium. The processing unit 250 includes a transaction ID issuing unit 251, a transaction information acquiring unit 253, and a control unit 255.

(Transaction ID issuing unit 251)
The transaction ID issuing unit 251 issues transaction identification information (that is, a transaction ID) for uniquely identifying a transaction between a user and a member store. For example, the transaction ID issuing unit 251 issues one transaction ID for one transaction.

(Transaction information acquisition unit 253)
The transaction information acquisition unit 253 acquires transaction information related to transactions between the user and the member store. The transaction information may include, for example, information such as store identification information (hereinafter referred to as “store ID”) for identifying a store where the member store device 200 is installed, and amount information indicating the payment amount of the transaction. .

  For example, the transaction information acquisition unit 253 acquires the store ID from the storage unit 230 that stores the store ID. Further, for example, the transaction information acquisition unit 253 acquires the amount information from the input unit 240 that acquires the amount information.

  As described above, the transaction information acquisition unit 253 acquires transaction information by acquiring each piece of information included in the transaction information.

(Control unit 255)
The control unit 255 controls the member store apparatus 200 so as to acquire the encrypted payment information from the terminal apparatus 100-1. More specifically, for example, the control unit 255 causes the short-range communication unit 210 to acquire encrypted payment information.

  Further, the control unit 255 controls the member store apparatus 200 so as to transmit the encrypted payment information to the payment server 300-1. More specifically, for example, the control unit 255 causes the long distance communication unit 220 to transmit the encrypted payment information provided by the terminal device 100-1 to the payment server 300-1. Further, for example, the control unit 255 causes the long-distance communication unit 220 to transmit the transaction ID and the transaction information together with the encrypted payment information to the payment server 300-1.

<1.2.3. Payment Server Configuration>
Next, an example of the configuration of the settlement server 300-1 will be described with reference to FIG. FIG. 4 is a block diagram showing an example of the configuration of the settlement server 300-1 according to the first embodiment. Referring to FIG. 4, the settlement server 300-1 includes a communication unit 310, a storage unit 320, and a processing unit 330.

(Communication unit 310)
The communication unit 310 communicates with the terminal device 100-1 and the member store device 200.

  More specifically, when the payment information encrypted by the terminal device 100-1 is provided to the member store device 200, the communication unit 310 receives the encrypted payment information from the member store device 200. Receive. Further, for example, the communication unit 310 receives the transaction ID and the transaction information from the member store apparatus 200 together with the encrypted payment information.

  In addition, the communication unit 310 receives key information for decrypting the encrypted payment information from the terminal device 100-1. For example, the communication part 310 receives transaction ID from the terminal device 100-1 with the said key information.

(Storage unit 320)
The storage unit 320 stores a program and data for the operation of the settlement server 300-1. The storage unit 320 includes a storage medium such as a hard disk or a semiconductor memory.

(Processing unit 330)
The processing unit 330 provides various functions of the settlement server 300-1. For example, the processing unit 330 corresponds to a processor such as a CPU or a DSP, and provides the various functions described above by executing a program stored in the storage unit 320 or another storage medium. The processing unit 330 includes an information acquisition unit 331, a decryption unit 333, and a settlement processing unit 335.

(Information acquisition unit 331)
The information acquisition unit 331 acquires payment information encrypted by the terminal device 100-1. For example, the information acquisition unit 331 acquires a transaction ID and transaction information together with the encrypted payment information.

  More specifically, for example, when the settlement information, transaction ID, and transaction information encrypted by the terminal device 100-1 are received from the member store device 200, the information acquisition unit 331 performs the encryption. Settlement information, the transaction ID, and the transaction information are acquired.

  The information acquisition unit 331 acquires key information for decrypting the encrypted payment information. Moreover, the information acquisition part 331 acquires transaction ID with the said key information.

  More specifically, for example, when the key information and the transaction ID are received from the terminal device 100-1, the information acquisition unit 331 acquires the key information and the transaction ID.

  Further, the information acquisition unit 331 provides the decryption unit 333 with the encrypted payment information and key information corresponding to the encrypted payment information. More specifically, for example, if the transaction ID acquired together with the encrypted payment information matches the transaction ID acquired together with the key information, the information acquisition unit 331 performs the encrypted payment. The set of business information and the key information is provided to the decryption unit 333 together with the transaction ID.

  Moreover, the information acquisition part 331 provides transaction information to the payment process part 335 with transaction ID.

(Decoding unit 333)
The decryption unit 333 decrypts the encrypted payment information using the key information. For example, the decryption unit 333 converts the settlement information encrypted by an algorithm of a predetermined encryption method (for example, a common key encryption method or a public key encryption method) into the key information (for example, a common key or a secret key). ) To decrypt. Then, the decryption unit 333 provides the decrypted settlement information to the settlement processing unit 335 together with the transaction ID.

(Settlement processing unit 335)
The settlement processing unit 335 performs settlement processing for transactions between the user and the member store.

  For example, the settlement processing unit 335 executes a settlement process using the decrypted settlement information and transaction information corresponding to the settlement information. More specifically, when the transaction ID provided with the decrypted payment information matches the transaction ID provided with the transaction information, the payment processing unit 335 uses the payment information and the transaction information. Execute the settlement process.

  As an example, the payment processing unit 335 verifies whether or not the user can pay, charges, etc. as the payment processing. Specifically, for example, the settlement processing unit 335 verifies whether the user can pay based on the payment amount indicated by the amount information included in the transaction information and the remaining amount available to the user. Further, for example, the settlement processing unit 335 performs billing after confirming the settlement at the member store apparatus 200.

<< 1.3. Process flow >>
Next, an example of information processing according to the first embodiment will be described with reference to FIG. FIG. 5 is a sequence diagram illustrating an example of a schematic flow of information processing according to the first embodiment.

  In step S601, the transaction ID issuing unit 251 of the member store apparatus 200 issues a transaction ID for uniquely identifying the transaction between the user and the member store. In step S603, the transaction information acquisition unit 253 of the member store apparatus 200 acquires transaction information regarding a transaction between the user and the member store. In step S605, the short-range communication unit 210 of the member store apparatus 200 provides the transaction ID to the terminal apparatus 100-1.

  In step S607, the payment information acquisition unit 151 of the terminal device 100-1 acquires payment information. For example, the payment information acquisition unit 151 acquires user identification information (for example, card information) and authentication information (for example, a password) included in the payment information. Next, in step S609, the encryption unit 153 of the terminal device 100-1 encrypts the payment information. In step S611, the short-range communication unit 110 of the terminal device 100-1 provides the encrypted settlement information to the member store apparatus 200.

  In step S613, the long distance communication unit 220 of the member store apparatus 200 transmits the encrypted payment information, transaction ID, and transaction information to the payment server 300-1.

  In step S615, the long-distance communication unit 120 of the terminal device 100-1 transmits key information and a transaction ID for decrypting the encrypted payment information to the payment server 300-1.

  In step S617, the decryption unit 333 of the settlement server 300-1 decrypts the encrypted settlement information using the key information. If the decryption using the key information is successful in step S619, the payment processing unit 335 verifies whether the user can pay in step S619. In step S621, the communication unit 310 of the settlement server 300-1 transmits the transaction ID, the decryption result, and the verification result to the member store apparatus 200.

  In step S623, the member store apparatus 200 performs a payment confirmation process. For example, the member store apparatus 200 displays the contents of the payment and generates a confirmation result indicating the approval of the payment or the cancellation of the payment in accordance with an operation for approval or cancellation of the payment. In step S625, the long-distance communication unit 220 of the member store apparatus 200 transmits the transaction ID and the confirmation result to the settlement server 300-1.

  In step S627, when the confirmation result indicates approval of the payment, the payment processing unit 335 of the payment server 300-1 charges. Then, the process ends.

  The first embodiment has been described above. According to the first embodiment, the encrypted payment information is provided to the store side, and the key information for decrypting the encrypted payment information is transmitted without passing through the store side. Therefore, it becomes possible to conceal the payment information on the store side. That is, according to the first embodiment, it is possible to conceal the information on the user side used for settlement of the transaction in the transaction at the store on the store side.

  Further, for example, by transmitting each of the encrypted payment information and key information together with the transaction ID, the encrypted payment information transmitted by the member store apparatus 200 and the terminal apparatus 100-1 are transmitted. Correspondence with the key information to be made becomes clear. Therefore, the settlement server 300-1 can easily know which encrypted settlement information should be decrypted using which key information.

  Further, for example, by including authentication information in the payment information, not only user identification information such as card information but also authentication information such as a personal identification number can be concealed in the store. Therefore, safety can be further improved.

  Further, for example, by transmitting information that makes the key information available (for example, the key information itself) via the wireless communication network 10 of the communication carrier, the information can be transmitted safely.

<<< 2. Second embodiment >>
Next, a second embodiment of the present disclosure will be described. Thereafter, << 2.1. Configuration of information processing system >>, << 2.2. Configuration of each device >>, << 2.3. The second embodiment will be described in the order of process flow >>.

<< 2.1. Configuration of information processing system >>
First, a schematic configuration of an information processing system according to the second embodiment will be described with reference to FIG. FIG. 6 is an explanatory diagram illustrating an example of a schematic configuration of an information processing system according to the second embodiment. Referring to FIG. 6, the information processing system includes a terminal device 100-2, a member store device 200, and a payment server 300-2.

  In the first embodiment, key information for decrypting payment information is transmitted from the terminal device 100-1 to the payment server 300-1. Then, the encrypted payment information is decrypted by the payment server 300-1 using the key information. On the other hand, in the second embodiment, not the key information itself but key identification information for uniquely identifying the key information is transmitted to the settlement server 300-2 by the terminal device 100-2. Then, the settlement server 300-2 acquires key information using the key recording identification information. Thereafter, the encrypted payment information is decrypted by the payment server 300-2 using the key information.

  That is, in the second embodiment, as in the first embodiment, the apparatus that decrypts the encrypted payment information is the payment server 300-1. However, in the second embodiment, unlike the first embodiment, the key information is uniquely identified as information that enables the use of key information for decrypting the encrypted payment information. Is transmitted to the settlement server 300-1 by the terminal device 100-1. As described above, the second embodiment can also be regarded as a modification of the first embodiment.

  Hereinafter, << 2.2. Configuration of each device >> and << 2.3. More specific contents will be described in the flow of processing >>.

<< 2.2. Configuration of each device >>
With reference to FIG.7 and FIG.8, each structure of the terminal device 100-2 and payment server 300-2 which concern on 2nd Embodiment is demonstrated.

  The configuration of the member store apparatus 200 according to the second embodiment is the same as that of the member store apparatus 200 according to the first embodiment.

<2.2.1. Configuration of terminal device>
An example of the configuration of the terminal device 100-2 will be described with reference to FIG. FIG. 7 is a block diagram illustrating an example of a configuration of the terminal device 100-2 according to the second embodiment. Referring to FIG. 7, the terminal device 100-2 includes a short-range communication unit 110, a long-range communication unit 121, a storage unit 131, an input unit 140, and a processing unit 160.

  Here, the short-range communication unit 110, the input unit 140, and the payment information acquisition unit 151 and the encryption unit 153 of the processing unit 160 are between the first embodiment and the second embodiment. There is no difference. Therefore, here, the control unit 165 of the long-distance communication unit 121, the storage unit 131, and the processing unit 160 will be described.

(Long distance communication unit 121)
The long-distance communication unit 121 communicates with the payment server 300-2. In particular, in the second embodiment, the long-distance communication unit 121 transmits key identification information for uniquely identifying key information for decrypting encrypted payment information to the payment server 300-2. To do. Further, for example, the long distance communication unit 121 transmits a transaction ID together with the key identification information to the settlement server 300-2.

  For example, the long-distance communication unit 121 transmits the key identification information to the settlement server 300-2 via the wireless communication network 10 of a communication provider that provides a wireless communication service to the terminal device 100-2. The long-distance communication unit 121 also transmits a transaction ID to the settlement server 300-2 via the wireless communication network 10.

  That is, in the second embodiment, the long distance communication unit 121 transmits the key identification information and the transaction ID to the settlement server 300-2 via the wireless communication network 10.

  The long distance communication unit 121 may not directly transmit the key identification information and the transaction ID to the payment server 300-2. That is, the long-distance communication unit 121 transmits the key identification information and the transaction ID to the settlement server 300-2 by transmitting the key identification information and the transaction ID to another device that transfers information to the settlement server 300-2. It may be transmitted indirectly.

(Storage unit 131)
The storage unit 131 stores a program and data for the operation of the terminal device 100-2. The storage unit 131 includes a storage medium such as a hard disk or a semiconductor memory.

  Specifically, the storage unit 131 stores information that enables use of key information for decrypting encrypted payment information. That is, in the second embodiment, the storage unit 131 stores key identification information for uniquely identifying the key information.

  The key identification information is, for example, the user identification information or another user identification information for uniquely identifying the user. Thus, when there is key information corresponding to each user, the key identification information can be identified by information for uniquely identifying the user.

  Similarly to the first embodiment, for example, the storage unit 131 stores user identification information for uniquely identifying the user in the settlement of transactions between the user and the member store.

(Control unit 165)
Also in the second embodiment, as in the first embodiment, the control unit 165 controls the terminal device 100-2 so as to provide the encrypted settlement information to the member store apparatus 200. More specifically, for example, the control unit 165 causes the short-range communication unit 110 to provide the encrypted settlement information to the member store apparatus 200.

  In the second embodiment, unlike the first embodiment, the control unit 165 sets the key identification information for uniquely identifying the key information for decrypting the encrypted payment information, The terminal device 100-2 is controlled to transmit to the server 300-2. Specifically, for example, the control unit 165 causes the long distance communication unit 121 to transmit the key identification information to the settlement server 300-2. Further, for example, the control unit 165 causes the long distance communication unit 121 to transmit the transaction ID together with the key identification information to the settlement server 300-2.

<2.2.2. Payment Server Configuration>
Next, an example of the configuration of the settlement server 300-2 will be described with reference to FIG. FIG. 8 is a block diagram illustrating an example of a configuration of the settlement server 300-2 according to the second embodiment. Referring to FIG. 8, the settlement server 300-2 includes a communication unit 311, a storage unit 321, and a processing unit 340.

  Here, the decryption unit 333 and the settlement processing unit 335 in the processing unit 340 are not different between the first embodiment and the second embodiment. Therefore, here, the information acquisition 341 of the communication unit 311, the storage unit 321, and the processing unit 340 will be described.

(Communication unit 311)
The communication unit 311 communicates with the terminal device 100-2 and the member store device 200.

  More specifically, as in the first embodiment, when the payment unit information encrypted by the terminal device 100-2 is provided to the member store device 200, the communication unit 311 Payment information is received from the member store apparatus 200. For example, the communication unit 311 receives the transaction ID and the transaction information from the member store apparatus 200 together with the encrypted payment information.

  Further, in the second embodiment, unlike the first embodiment, the communication unit 311 includes key identification information for uniquely identifying key information for decrypting the encrypted payment information. Received from the terminal device 100-1. For example, the communication part 311 receives transaction ID from the terminal device 100-2 with the said key identification information.

(Storage unit 321)
The storage unit 321 stores a program and data for the operation of the settlement server 300-2. The storage unit 321 includes a storage medium such as a hard disk or a semiconductor memory.

  In particular, in the second embodiment, the key information is stored in association with the key identification information. For example, the storage unit 321 stores the key information in association with the key identification information. As an example, the storage unit 321 stores a lookup table including the key identification information and the key information.

(Information acquisition unit 341)
As in the first embodiment, the information acquisition unit 341 acquires payment information encrypted by the terminal device 100-2. For example, the information acquisition unit 341 acquires a transaction ID and transaction information together with the encrypted payment information.

  In the second embodiment, unlike the first embodiment, the information acquisition unit 341 uses key identification information for uniquely identifying key information for decrypting the encrypted payment information. get. More specifically, when the key identification information is received from the terminal device 100-2, the information acquisition unit 341 acquires the key identification information. Moreover, the information acquisition part 341 acquires transaction ID with the said key identification information.

  In the second embodiment, the information acquisition unit 341 acquires key information using the key identification information. More specifically, for example, the information acquisition unit 341 searches the lookup table stored in the storage unit 321 using the key identification information, and acquires key information corresponding to the key identification information.

  Further, as in the first embodiment, the information acquisition unit 341 provides the encrypted payment information and key information corresponding to the encrypted payment information to the decryption unit 333. Further, the information acquisition unit 341 provides the transaction information to the settlement processing unit 335 together with the transaction ID.

<< 2.3. Process flow >>
Next, an example of information processing according to the second embodiment will be described with reference to FIG. FIG. 9 is a sequence diagram illustrating an example of a schematic flow of information processing according to the second embodiment.

  Here, only steps S641 and S643, which are differences between an example of information processing according to the first embodiment described with reference to FIG. 5 and an example of information processing according to the second embodiment, will be described.

  In step S641, the long-distance communication unit 121 of the terminal device 100-2 uses the key identification information for uniquely identifying the key information for decrypting the encrypted payment information, and the transaction ID as the payment server. Send to 300-2.

  In step S643, the information acquisition unit 341 acquires key information using the key identification information.

  The second embodiment has been described above. According to the second embodiment, not the key information itself but key identification information for uniquely identifying the key information is transmitted from the terminal device 100-2 to the settlement server 300-2. Therefore, it is possible to avoid the risk that the key information leaks from the terminal device 100-2 and the risk that the key information leaks in the communication path from the terminal device 100-2 to the settlement server 300-2. That is, only the key identification information may be leaked from the terminal device 100-2 or the communication channel. Therefore, it is possible to prevent the encrypted payment information from being decrypted by a malicious third party.

<<< 3. Third Embodiment >>
Next, a third embodiment of the present disclosure will be described. Thereafter, << 3.1. Configuration of information processing system >>, << 3.2. Configuration of each device >>, << 3.3. The third embodiment will be described in the order of process flow >>.

<< 3.1. Configuration of information processing system >>
First, a schematic configuration of an information processing system according to the third embodiment will be described with reference to FIG. FIG. 10 is an explanatory diagram illustrating an example of a schematic configuration of an information processing system according to the third embodiment. Referring to FIG. 10, the information processing system includes a terminal device 100-3, a member store device 200, and a settlement server 300-3. Particularly in the third embodiment, the information processing system further includes a one-time ID management server 400.

  The one-time ID management server 400 manages identification information (hereinafter referred to as “one-time ID”) that can be used under predetermined conditions. Specifically, for example, the one-time ID management server 400 stores key identification information for uniquely identifying key information for decrypting payment information in association with the one-time ID, and stores the one-time ID. Is issued to the terminal device 100-3. The one-time ID issued in this way uniquely identifies the key identification information.

  In the second embodiment, key identification information for uniquely identifying key information is transmitted from the terminal device 100-2 to the settlement server 300-2. Then, the settlement server 300-2 acquires key information using the key recording identification information. On the other hand, in the third embodiment, the issued one-time ID is transmitted to the settlement server 300-3 by the terminal device 100-3. Then, the settlement server 300-3 acquires key identification information from the one-time ID management server 400 using the one-time ID. Further, the settlement server 300-3 acquires key information using the key recording identification information.

  That is, in the third embodiment, as in the second embodiment, the device that decrypts the encrypted payment information is the payment server 300-3. However, unlike the second embodiment, in the third embodiment, the key identification information is uniquely identified as information that enables the use of key information for decrypting the encrypted payment information. The time ID is transmitted to the settlement server 300-3 by the terminal device 100-3. Thus, the third embodiment can also be regarded as a modification of the second embodiment.

  Hereinafter, << 3.2. Configuration of each device >> and << 3.3. More specific contents will be described in the flow of processing >>.

<< 3.2. Configuration of each device >>
Each structure of the terminal device 100-3, the one-time ID management server 400, and the settlement server 300-3 according to the third embodiment will be described with reference to FIGS.

  The configuration of the member store apparatus 200 according to the third embodiment is the same as the configuration of the member store apparatus 200 according to the first embodiment and the second embodiment.

<3.2.1. Configuration of terminal device>
An example of the configuration of the terminal device 100-3 will be described with reference to FIG. FIG. 11 is a block diagram illustrating an example of a configuration of the terminal device 100-3 according to the third embodiment. Referring to FIG. 11, the terminal device 100-3 includes a short-range communication unit 110, a long-range communication unit 123, a storage unit 133, an input unit 140, and a processing unit 170.

  Here, the short-range communication unit 110, the input unit 140, and the settlement information acquisition unit 151 and the encryption unit 153 of the processing unit 170 are between the second embodiment and the third embodiment. There is no difference. Therefore, here, the control unit 175 of the long-distance communication unit 123, the storage unit 133, and the processing unit 170 will be described.

(Long distance communication unit 123)
The long distance communication unit 123 communicates with the payment server 300-3. In particular, in the third embodiment, the long-distance communication unit 123 transmits a one-time ID that uniquely identifies key identification information to the settlement server 300-3. As described above, the key identification information is identification information for uniquely identifying key information for decrypting the encrypted payment information. For example, the long distance communication unit 123 transmits the transaction ID together with the one-time ID to the settlement server 300-3.

  For example, the long-distance communication unit 123 transmits the one-time ID to the settlement server 300-2 via the wireless communication network 10 of a communication provider that provides a wireless communication service to the terminal device 100-3. The long-distance communication unit 123 also transmits a transaction ID to the settlement server 300-3 via the wireless communication network 10.

  That is, in the third embodiment, the long distance communication unit 123 transmits the one-time ID and the transaction ID to the settlement server 300-3 via the wireless communication network 10.

  The long distance communication unit 123 may not directly transmit the one-time ID and the transaction ID to the payment server 300-3. That is, the long-distance communication unit 123 transmits the one-time ID and the transaction ID to the settlement server 300-3 by transmitting the one-time ID and the transaction ID to another device that transfers information to the settlement server 300-3. It may be transmitted indirectly.

  In the third embodiment, for example, the long-distance communication unit 123 further communicates with the one-time ID management server 300-3. Specifically, for example, when issuing a one-time ID, the long-distance communication unit 123 transmits key identification information to the one-time ID management server 400, and sets a one-time ID that uniquely identifies the key identification information. Received from the one-time ID management server 400.

(Storage unit 133)
The storage unit 133 stores a program and data for the operation of the terminal device 100-3. The storage unit 133 includes a storage medium such as a hard disk or a semiconductor memory.

  Specifically, the storage unit 133 stores information that makes it possible to use key information for decrypting the encrypted payment information. That is, in the third embodiment, the storage unit 133 stores a one-time ID that uniquely identifies the key identification information. For example, the storage unit 133 stores the key identification information.

  Further, similarly to the second embodiment, for example, the storage unit 133 stores user identification information for uniquely identifying the user in the settlement of the transaction between the user and the member store.

(Control unit 175)
Also in the third embodiment, as in the second embodiment, the control unit 175 controls the terminal device 100-3 so as to provide the encrypted settlement information to the member store device 200. More specifically, for example, the control unit 175 causes the short-range communication unit 110 to provide the encrypted settlement information to the member store apparatus 200.

  Also, in the third embodiment, unlike the second embodiment, the control unit 175 transmits the one-time ID that uniquely identifies the key identification information to the payment server 300-3 so that the terminal device 100- 3 is controlled. Specifically, for example, the control unit 175 causes the long distance communication unit 123 to transmit the one-time ID to the settlement server 300-3. For example, the control unit 175 causes the long-distance communication unit 123 to transmit the transaction ID together with the one-time ID to the settlement server 300-3.

  In the third embodiment, for example, when the one-time ID is issued, the control unit 175 transmits the key identification information to the one-time ID management server 400 to uniquely identify the key identification information. The terminal device 100-3 is controlled to receive the ID from the one-time ID management server 400. Specifically, for example, the control unit 175 causes the long-distance communication unit 123 to transmit key identification information to the one-time ID management server 400, and the one-time ID for uniquely identifying the key identification information is managed by the one-time ID management. Receive from the server 400.

<3.2.2. Configuration of one-time ID management server>
Next, an example of the configuration of the one-time ID management server 400 will be described with reference to FIG. FIG. 12 is a block diagram illustrating an example of the configuration of the one-time ID management server 400 according to the third embodiment. Referring to FIG. 12, the one-time ID management server 400 includes a communication unit 410, a storage unit 420, and a processing unit 430.

(Communication unit 410)
The communication unit 410 communicates with the settlement server 300-3. More specifically, for example, the communication unit 410 receives a one-time ID from the payment server 300-3. In addition, the communication unit 410 transmits key identification information corresponding to the received one-time ID to the settlement server 300-3.

  For example, the communication unit 410 communicates with the terminal device 100-3. For example, the communication unit 410 receives key identification information from the terminal device 100-3. When the one-time ID corresponding to the key identification information is issued, the communication unit 410 transmits the one-time ID to the terminal device 100-3.

(Storage unit 420)
The storage unit 420 stores a program and data for the operation of the one-time ID management server 400. The storage unit 420 includes a storage medium such as a hard disk or a semiconductor memory.

  In particular, the storage unit 420 stores a one-time ID. The storage unit 420 also stores, for example, a predetermined condition (hereinafter referred to as “use condition”) in which the one-time ID can be used.

  In addition, when a one-time ID is issued for key identification information, the storage unit 420 stores key identification information corresponding to the issued one-time ID. For example, the storage unit 420 stores a lookup table including a one-time ID and key identification information.

(Processing unit 430)
The processing unit 430 provides various functions of the one-time ID management server 400. For example, the processing unit 430 corresponds to a processor such as a CPU or a DSP, and provides the various functions described above by executing a program stored in the storage unit 420 or another storage medium. The processing unit 430 includes an ID management unit 431 and a search unit 433.

(ID manager 431)
The ID management unit 431 manages the one-time ID.

  For example, the ID management unit 431 issues a one-time ID. In particular, the ID management unit 431 issues a one-time ID that uniquely identifies key identification information. Specifically, for example, when the key identification information transmitted by the terminal device 100-3 is received by the one-time ID management server 400, the ID management unit 431 issues a new one-time ID, and the storage unit In 420, the received key identification information is stored in association with the one-time ID. As a result, the issued one-time ID becomes a one-time ID that uniquely identifies the key identification information. Then, the ID management unit 431 causes the communication unit 410 to transmit the issued one-time ID to the terminal device 100-3.

  The one-time ID is accompanied by a predetermined condition (that is, a use condition) that allows the one-time ID to be used. For example, when the ID management unit 431 issues a one-time ID, the ID management unit 431 determines a use condition for the one-time ID.

  For example, the use condition includes a time condition in which the one-time ID can be used. In this case, the one-time ID can be used only within the determined time. Further, for example, the use condition includes a condition of the number of times that the one-time ID can be used. In this case, the one-time ID can be used only for the determined number of times. Further, for example, the use condition includes a condition of an area where the one-time ID can be used. In this case, the one-time ID can be used only within the determined area.

(Search unit 433)
The search unit 433 searches for information corresponding to the one-time ID. For example, the search unit 433 searches for key identification information corresponding to the one-time ID. More specifically, for example, when the one-time ID transmitted by the settlement server 300-3 is received by the one-time ID management server 400, the search unit 433 determines the validity of the one-time ID. That is, the search unit 433 determines whether or not the usage condition for the one-time ID is satisfied. If the one-time ID is valid (that is, if the use condition is satisfied), the search unit 433 uses the lookup table stored in the storage unit 420 to obtain the key identification information corresponding to the one-time ID. Search for. Then, the search unit 433 causes the communication unit 410 to transmit the searched key identification information to the settlement server 300-3.

<3.2.2. Payment Server Configuration>
Next, an example of the configuration of the settlement server 300-3 will be described with reference to FIG. FIG. 13 is a block diagram illustrating an example of a configuration of a settlement server 300-3 according to the third embodiment. Referring to FIG. 13, the settlement server 300-3 includes a communication unit 313, a storage unit 321, and a processing unit 350.

  Here, the storage unit 321 and the decryption unit 333 and the settlement processing unit 335 of the processing unit 350 are not different between the second embodiment and the third embodiment. Therefore, here, the information acquisition unit 351 of the communication unit 313 and the processing unit 350 will be described.

(Communication unit 313)
The communication unit 313 communicates with the terminal device 100-3 and the member store device 200.

  More specifically, as in the second embodiment, when the payment information encrypted by the terminal device 100-3 is provided to the member store device 200, the communication unit 313 encrypts the corresponding information. Payment information is received from the member store apparatus 200. For example, the communication unit 313 receives the transaction ID and the transaction information from the member store apparatus 200 together with the encrypted payment information.

  Further, in the third embodiment, unlike the second embodiment, the communication unit 313 receives a one-time ID that uniquely identifies key identification information from the terminal device 100-3. Further, for example, the communication unit 313 receives a transaction ID from the terminal device 100-3 together with the one-time ID.

  In the third embodiment, the communication unit 313 further communicates with the one-time ID management server 400. Specifically, the communication unit 313 transmits the one-time ID received from the terminal device 100-3 to the one-time ID management server 400. Further, the communication unit 313 receives key identification information corresponding to the transmitted one-time ID from the one-time ID management server 400.

(Information acquisition unit 351)
Similar to the second embodiment, the information acquisition unit 351 acquires the payment information encrypted by the terminal device 100-3. For example, the information acquisition unit 351 acquires a transaction ID and transaction information together with the encrypted payment information.

  In the third embodiment, unlike the second embodiment, the information acquisition unit 351 acquires a one-time ID that uniquely identifies key identification information. More specifically, when the one-time ID is received from the terminal device 100-3, the information acquisition unit 341 acquires the one-time ID. Moreover, the information acquisition part 341 acquires transaction ID with the said key identification information.

  Furthermore, the information acquisition unit 351 acquires key identification information using the acquired one-time ID. More specifically, for example, when acquiring the one-time ID, the information acquisition unit 351 causes the communication unit 313 to transmit the one-time ID to the one-time ID management server 400. Then, the key identification information corresponding to the one-time ID is transmitted from the one-time ID management server 400 to the settlement server 300-3, and the information acquisition unit 351 acquires the received key identification information.

  Further, as in the second embodiment, the information acquisition unit 351 acquires key information using the key identification information.

  Similarly to the second embodiment, the information acquisition unit 351 provides the encrypted payment information and key information corresponding to the encrypted payment information to the decryption unit 333. Further, the information acquisition unit 351 provides the transaction information together with the transaction ID to the settlement processing unit 335.

<< 3.3. Process flow >>
Next, an example of information processing and one-time ID issuing processing according to the third embodiment will be described with reference to FIGS. 14 and 15.

(Information processing)
First, an example of information processing according to the third embodiment will be described. FIG. 14 is a sequence diagram illustrating an example of a schematic flow of information processing according to the third embodiment.

  Here, steps S651, S653, S655, S657, which are differences between an example of information processing according to the second embodiment described with reference to FIG. 9 and an example of information processing according to the third embodiment, Only S659 will be described.

  In step S651, the long distance communication unit 123 of the terminal device 100-3 transmits the one-time ID and the transaction ID that uniquely identify the key identification information to the settlement server 300-3.

  In step S653, the communication unit 313 of the settlement server 300-3 transmits the one-time ID received from the terminal device 100-3 to the one-time ID management server 400.

  In step S655, the search unit 433 of the one-time ID management server 400 determines the validity of the one-time ID. If the one-time ID is valid, in step S657, the search unit 433 of the one-time ID management server 400 uses the lookup table stored in the storage unit 420 to identify key identification information corresponding to the one-time ID. Search for. Thereafter, in step S659, the communication unit 410 of the one-time ID management server 400 transmits the searched key identification information to the settlement server 300-3.

(One-time ID issuance process)
Next, an example of a one-time ID issuing process according to the third embodiment will be described. FIG. 15 is a sequence diagram illustrating an example of a schematic flow of a one-time ID issuance process according to the third embodiment.

  In step S701, the long-distance communication unit 123 of the terminal device 100-3 transmits key identification information to the one-time ID management server 400.

  In step S703, the ID management unit 431 of the one-time ID management server 400 issues a one-time ID. In step S705, the ID management unit 431 of the one-time ID management server 400 determines the usage conditions for the issued one-time ID. In step S707, the storage unit 420 of the one-time ID management server 400 stores the key identification information in association with the issued one-time ID. As a result, the issued one-time ID becomes a one-time ID that uniquely identifies the key identification information. In step S709, the communication unit 410 of the one-time ID management server 400 transmits the issued one-time ID to the terminal device 100-3.

  In step S711, the storage unit 133 of the terminal device 100-3 stores the received one-time ID. Then, the process ends.

  The third embodiment has been described above. According to the third embodiment, not the key information and the key identification information but a one-time ID that uniquely identifies the key identification information is transmitted from the terminal device 100-3 to the settlement server 300-3. Therefore, the risk that the key information and the key identification information are leaked in the communication path from the terminal device 100-3 to the settlement server 300-3 can be avoided. That is, only a one-time ID with a use condition (a one-time ID used only for a limited time, number of times, area, etc.) can be leaked from the terminal device 100-3 or from the communication channel. . Therefore, when information leaks from the terminal device 100-3 or the communication path, it is possible to reduce the risk of being used for settlement by a malicious third party.

  In addition, for example, when the above usage conditions include a time condition in which a one-time ID can be used, the use by a malicious third party is limited to a limited time. can do. In addition, for example, when the use condition includes a condition of the number of times that a one-time ID can be used, the use by a malicious third party is limited to a limited number of times. be able to. In addition, for example, when the use condition includes a condition of an area where the one-time ID can be used, it is used only within a limited area that the account is used for settlement by a malicious third party. Can be limited to.

<<< 4. Fourth embodiment >>
Next, a fourth embodiment of the present disclosure will be described. Thereafter, << 4.1. Configuration of information processing system >>, << 4.2. Configuration of each device >>, << 4.3. The fourth embodiment will be described in the order of process flow >>.

<< 4.1. Configuration of information processing system >>
First, a schematic configuration of an information processing system according to the fourth embodiment will be described with reference to FIG. FIG. 16 is an explanatory diagram illustrating an example of a schematic configuration of an information processing system according to the fourth embodiment. Referring to FIG. 16, the information processing system includes a terminal device 100-4, a member store device 200, and a payment server 300-4. In particular, in the fourth embodiment, the information processing system further includes a mediation server 500.

  In the fourth embodiment, the terminal device 100-4 communicates with the mediation server 500 via, for example, the wireless communication network 10 of the communication carrier that provides the wireless communication service to the terminal device 100-4. For example, the terminal device 100-4 communicates with the mediation server 500 via the Internet 20 in addition to the wireless communication network 10. In addition, the member store apparatus 200 communicates with the mediation server 500 via the Internet 20, for example. The mediation server 500 communicates with the settlement server 300-4 via the Internet 20, for example. Further, the terminal device 100-4 and the member store device 200 perform any communication other than wireless communication in the network 10, for example.

  When a transaction is performed at a member store, the payment information (for example, card information, password, etc.) is encrypted by the terminal device 100-4. Then, the encrypted settlement information is provided to the member store apparatus 200. Then, the encrypted payment information is transmitted to the mediation server 500 by the member store apparatus 200. Also, key information for decrypting the settlement information is transmitted to the intermediary server 500 by the terminal device 100-4. Then, the encrypted settlement information is decrypted by the mediation server 500 using the key information. Then, the decrypted payment information is transmitted to the payment server 300-4 by the mediation server 500.

  That is, in the fourth embodiment, unlike the first embodiment, the device that decrypts the encrypted payment information is the mediation server 500. In the fourth embodiment, the key information itself is transmitted from the terminal device 100-4 to the intermediary server 500 as information that enables the use of key information for decrypting the encrypted payment information. . As described above, the fourth embodiment can also be regarded as a modification of the first embodiment.

  Hereinafter, << 4.2. Configuration of each device >> and << 4.3. More specific contents will be described in the flow of processing >>.

<< 4.2. Configuration of each device >>
Next, the configuration of each of the mediation server 500 and the settlement server 300-4 according to the fourth embodiment will be described with reference to FIGS.

  The configuration of the terminal device 100-4 according to the fourth embodiment is the same as that of the first embodiment except that the key information and the transaction ID are transmitted to the mediation server 500 instead of the settlement server 300-4. The configuration is the same as that of 100-1.

  Further, the configuration of the member store apparatus 200 according to the fourth embodiment also transmits the encrypted settlement information, transaction ID, and transaction information to the mediation server 500 instead of the settlement server 300-4, and decryption. The configuration is the same as that of the member store apparatus 200 of the first embodiment except that the result is received from the mediation server 500 instead of the settlement server 300-4.

<4.2.1. Payment Server Configuration>
An example of the configuration of the mediation server 500 will be described with reference to FIG. FIG. 17 is a block diagram illustrating an example of a configuration of the mediation server 400 according to the fourth embodiment. Referring to FIG. 17, the mediation server 400 includes a communication unit 510, a storage unit 520, and a processing unit 530.

(Communication unit 510)
The communication unit 510 communicates with the terminal device 100-4, the member store device 200, and the payment server 300-4.

  More specifically, when the payment information encrypted by the terminal device 100-4 is provided to the member store apparatus 200, the communication unit 510 sends the encrypted payment information from the member store apparatus 200. Receive. For example, the communication unit 510 receives the transaction ID and the transaction information from the member store apparatus 200 together with the encrypted payment information.

  Further, the communication unit 510 receives key information for decrypting the encrypted payment information from the terminal device 100-4. For example, the communication unit 510 receives a transaction ID from the terminal device 100-4 together with the key information.

  In addition, the communication unit 510 transmits the decrypted payment information, transaction ID, and transaction information to the payment server 300-4.

(Storage unit 520)
The storage unit 520 stores a program and data for the operation of the mediation server 500. The storage unit 520 includes a storage medium such as a hard disk or a semiconductor memory.

(Processing unit 530)
The processing unit 530 provides various functions of the mediation server 500. For example, the processing unit 530 corresponds to a processor such as a CPU or a DSP, and provides the various functions described above by executing a program stored in the storage unit 520 or another storage medium. The processing unit 530 includes an information acquisition unit 531, a decryption unit 533, and a control unit 535.

(Information acquisition unit 531)
The information acquisition unit 531 operates in substantially the same manner as the information acquisition unit 331 of the settlement server 300-1 of the first embodiment.

  The information acquisition unit 531 acquires payment information encrypted by the terminal device 100-4. For example, the information acquisition unit 531 acquires a transaction ID and transaction information together with the encrypted payment information.

  More specifically, for example, when the payment information, transaction ID, and transaction information encrypted by the terminal device 100-4 are received from the member store device 200, the information acquisition unit 531 is encrypted. Settlement information, the transaction ID, and the transaction information are acquired.

  The information acquisition unit 531 acquires key information for decrypting the encrypted payment information. More specifically, when the key information is received from the terminal device 100-4, the information acquisition unit 531 acquires the key information. Moreover, the information acquisition part 531 acquires transaction ID with the said key information.

  More specifically, for example, when the key information and the transaction ID are received from the terminal device 100-4, the information acquisition unit 531 acquires the key information and the transaction ID.

  The information acquisition unit 531 provides the encrypted payment information and key information corresponding to the encrypted payment information to the decryption unit 533. More specifically, for example, when the transaction ID acquired together with the encrypted payment information matches the transaction ID acquired together with the key information, the information acquisition unit 531 performs the encrypted payment. The set of business information and the key information is provided to the decryption unit 533 together with the transaction ID.

  Moreover, the information acquisition part 531 provides transaction information to the control part 535 with transaction ID.

(Decoding unit 533)
The decryption unit 533 operates in the same manner as the decryption unit 333 of the settlement server 300-1 of the first embodiment.

  The decryption unit 533 decrypts the encrypted payment information using the key information. For example, the decryption unit 533 converts the payment information encrypted by an algorithm of a predetermined encryption method (for example, a common key encryption method or a public key encryption method) into the key information (for example, a common key or a secret key). ) To decrypt. Then, the decryption unit 533 provides the decrypted payment information to the control unit 535 together with the transaction ID.

(Control unit 535)
The control unit 535 controls the mediation server 500 so as to provide the decrypted payment information to the payment server 300-4. Specifically, for example, the control unit 535 causes the communication unit 510 to transmit the decrypted payment information to the payment server 300-4. Further, the control unit 535 causes the communication unit 510 to transmit the transaction ID and the transaction information together with the decrypted payment information to the payment server 300-4.

<4.2.2. Payment Server Configuration>
Next, an example of the configuration of the settlement server 300-4 will be described with reference to FIG. FIG. 18 is a block diagram illustrating an example of a configuration of a settlement server 300-4 according to the fourth embodiment. Referring to FIG. 18, the settlement server 300-4 includes a communication unit 315, a storage unit 320, and a processing unit 360.

  Here, there is no difference between the storage unit 320 and the settlement processing unit 335 of the processing unit 360 between the first embodiment and the fourth embodiment. Therefore, here, the information acquisition unit 361 of the communication unit 315 and the processing unit 360 will be described.

(Communication unit 315)
The communication unit 315 communicates with the mediation server 500. More specifically, the communication unit 315 receives the decrypted payment information from the mediation server 500. For example, the communication unit 315 receives the transaction ID and the transaction information from the mediation server 500 together with the decrypted payment information.

  For example, the communication unit 315 communicates with the member store apparatus 200. More specifically, the communication unit 315 communicates with the member store device 200 for notification of payment verification results, acquisition of payment confirmation results, and the like.

(Information acquisition unit 361)
The information acquisition unit 361 acquires the payment information decrypted by the mediation server 500. For example, the information acquisition unit 361 acquires a transaction ID and transaction information together with the decrypted payment information.

  More specifically, for example, when the settlement information, transaction ID, and transaction information decrypted by the mediation server 500 are received from the mediation server 500, the information acquisition unit 361 includes the decrypted settlement information, Obtain a transaction ID and the transaction information. The information acquisition unit 361 provides the settlement processing unit 335 with the decrypted settlement information, the transaction ID, and the transaction information.

<< 4.3. Process flow >>
Next, an example of information processing according to the fourth embodiment will be described with reference to FIG. FIG. 19 is a sequence diagram illustrating an example of a schematic flow of information processing according to the fourth embodiment.

  Here, steps S671, S673, S675, S677, which are differences between the example of the information processing according to the first embodiment described with reference to FIG. 5 and the example of the information processing according to the fourth embodiment, Only S679 and S681 will be described.

  In step S671, the long-distance communication unit 220 of the member store apparatus 200 transmits the encrypted settlement information, transaction ID, and transaction information to the mediation server 500.

  In step S673, the long-distance communication unit 120 of the terminal device 100-4 transmits the key information and the transaction ID for decrypting the encrypted payment information to the mediation server 500.

  In step S675, the decryption unit 533 of the mediation server 500 decrypts the encrypted payment information using the key information. In step S677, the communication unit 510 of the mediation server 500 transmits the decrypted settlement information, transaction ID, and transaction information to the settlement server 300-4. In step S679, communication unit 510 of mediation server 500 transmits the transaction ID and the decryption result to member store apparatus 200.

  In step S681, the communication unit 315 of the settlement server 300-4 transmits the transaction ID and the verification result to the member store apparatus 200.

  The fourth embodiment has been described above. According to the fourth embodiment, the mediation server 500, not the settlement server 300-4, decrypts the encrypted settlement information. Therefore, by installing the mediation server 500, it is possible to introduce a mechanism for concealing the information on the user side used for the settlement of the transaction in the transaction at the store without changing the settlement server 300-4. It becomes possible. Further, since it is not necessary for each settlement server 300-4 to have a decryption function, when the mediation server performs decryption for a plurality of settlement servers, decryption can be efficiently performed as a whole. .

  As mentioned above, although preferred embodiment of this indication was described referring an accompanying drawing, it cannot be overemphasized that this indication is not limited to the example concerned. It will be apparent to those skilled in the art that various changes and modifications can be made within the scope of the claims, and these are naturally within the technical scope of the present disclosure. Understood.

  For example, user identification information (for example, card information) in the payment information may be input at any time without being stored in the terminal device. The user identification information may be read by a card reader.

  Further, the authentication information (for example, the password) may be stored in the terminal device without being input at any time.

  Further, the payment information may not be encrypted every time the transaction is settled. For example, the encrypted payment information may be stored in the terminal device, and the encrypted payment information may be provided to the member store device.

  Further, the transaction ID may be issued not by the member store device but by the terminal device.

  Further, the authentication information included in the payment information is not limited to the personal identification number. For example, the authentication information included in the payment information may be other information that can be used for authentication. For example, the authentication information may be a password, or biometric information such as fingerprint information, vein information, or retina information.

  When the key information, key identification information, or one-time ID is transmitted by the terminal device, the authentication information may be transmitted together with the key information, key identification information, or one-time ID. Only when the authentication information is correct, key information, key identification information, or a one-time ID may be used. The authentication information may be the same as the authentication information included in the payment information, or may be different information.

  The mediation server is not limited to the case where the key information itself is transmitted by the terminal device, but when the key identification information for uniquely identifying the key information is transmitted by the terminal device (that is, the second embodiment). May also be used. The mediation server may also be used when a one-time ID that uniquely identifies key identification information is transmitted by the terminal device (that is, the third embodiment).

  The mediation server may communicate with the settlement server without going through the Internet. For example, the mediation server may communicate with a settlement server within a LAN (local area network). Further, the mediation server and the settlement server may be implemented as separate software in the same device.

  Further, the processing steps in the information processing of the present specification do not necessarily have to be executed in time series in the order described in the flowchart. For example, the processing steps in the information processing may be executed in an order different from the order described in the flowchart, or may be executed in parallel.

  There is also a computer program for causing hardware such as a CPU, a ROM, and a RAM built in a terminal device and a communication device (for example, a settlement server) to exhibit functions equivalent to the configurations of the terminal device and the communication device. Can be created. A storage medium storing the computer program is also provided.

DESCRIPTION OF SYMBOLS 10 Wireless communication network 20 Internet 100 Terminal device 110 Short distance communication part 120, 121, 123 Long distance communication part 130, 131, 133 Storage part 140 Input part 150, 160, 170 Processing part 151 Payment information acquisition part 153 Encryption part 155, 165, 175 Control unit 200 Member store device 210 Short range communication unit 220 Long range communication unit 230 Storage unit 240 Input unit 250 Processing unit 251 Transaction ID issuing unit 253 Transaction information acquisition unit 255 Control unit 300 Payment server 310, 311 313, 315 Communication unit 320, 321 Storage unit 330, 340, 350, 360 Processing unit 331, 341, 351, 361 Information acquisition unit 333 Decoding unit 335 Settlement processing unit 400 One-time ID management server 410 Communication unit 420 Storage unit 430 Processing Part 4 1 ID management unit 433 search unit 500 intermediary server 510 a communication unit 520 storage unit 530 processing unit 531 information acquisition unit 533 decoding unit 535 control unit

Claims (14)

An acquisition unit for acquiring payment information including user identification information for uniquely identifying the user in the payment of the transaction between the user and the member store;
An encryption unit for encrypting the payment information;
A providing unit for providing the encrypted payment information to the member store apparatus;
Communication for transmitting information enabling key information for performing decryption of the encrypted settlement information and transaction identification information for uniquely identifying the transaction to another device performing the decryption And
With
The encrypted information for payment is transmitted to the other device by the device of the member store together with the transaction identification information, and decrypted by using the key information by the other device.
Terminal device. The terminal device according to claim 1, wherein the payment information further includes authentication information for authenticating the user. The information to be available the key information is the key information, the terminal device according to claim 1 or 2. The information for making the key information available is information for making available key identification information for uniquely identifying the key information,
The key information is stored in association with the key identification information, and is acquired by the other device using the key identification information.
The terminal device according to claim 1 or 2 . The terminal device according to claim 4 , wherein the key identification information is the user identification information or the another user identification information. The information to be available the key information is the key identification information, the terminal device according to claim 4 or 5. The information to be available the key information is identification information that can be used under a predetermined condition, which is the identification information for uniquely identifying the key identification information, according to claim 4 Or the terminal device of 5 . The terminal device according to claim 7 , wherein the predetermined condition includes a time condition in which the identification information can be used. The terminal device according to claim 7 or 8 , wherein the predetermined condition includes a condition of the number of times that the identification information can be used. The terminal device according to any one of claims 7 to 9 , wherein the predetermined condition includes a condition of an area where the identification information can be used. The communication unit via a wireless communication network of a communication carrier that provides a wireless communication service to the terminal device, and transmits the information to make available to the key information to the another apparatus, according to claim 1 to 1 0 The terminal device according to any one of the above. The user identification information is card card information to be used in the payment terminal device according to any one of claims 1 to 1 1. A computer for controlling the terminal device,
An acquisition unit for acquiring payment information including user identification information for uniquely identifying the user in the payment of the transaction between the user and the member store;
An encryption unit for encrypting the payment information;
Information for controlling the terminal device so as to provide the encrypted payment information to the member store's device, and enabling use of key information for decrypting the encrypted payment information ; And a control unit for controlling the terminal device so as to transmit transaction identification information for uniquely identifying the transaction to another device that performs the decryption,
Function as
The encrypted information for payment is transmitted to the other device by the device of the member store together with the transaction identification information, and decrypted by using the key information by the other device.
program. Payment information including user identification information for uniquely identifying the user in the transaction payment between the user and the member store, wherein the payment information encrypted by the terminal device is When provided to the member store apparatus, the encrypted payment information and transaction identification information for uniquely identifying the transaction are received from the member store apparatus, and the encrypted payment is received. Information for enabling use of key information for decrypting information for use , and a communication unit for receiving the transaction identification information from the terminal device;
A decryption unit for decrypting the encrypted payment information using the key information;
A communication device comprising:

Images