JP6754750B2 - Program, information processing device, card information processing method - Google Patents

Description

The present invention relates to a program, an information processing device, and a card information processing method.

Various cards may be used when purchasing goods and services. For example, a credit card is used for payment, and a point card is used at a store that gives points to purchases and gives discounts according to the points in subsequent shopping. However, as represented by the card number held by the credit card, the card may hold confidential information. In recent years, crimes that misuse confidential card information have increased, and stores that handle cards are required to take sufficient security measures for card information. For example, there is a standard called PCI DSS (Payment Card Industry Data Security Standard) as a security standard for card information.

When security is strengthened, if there is a possibility that the card may contain confidential information in the processing of the card through POS (Point Of Sales) at the store, the POS application or customer system (for example, the head office side that operates the store) Security measures are required only when confidential information passes through the system).

Encrypting card information can be considered as one of the methods for enhancing security (see, for example, Patent Document 1). Patent Document 1 describes a system in which an input device that receives a non-payment card industry acquires data from a user card, controls the masking level of the data, and transmits the data having the controlled masking level to the POS client. It is disclosed. Therefore, in the technique described in Patent Document 1, when the input device acquires the data of the user card, the data can be masked according to the white list, the highly confidential information is concealed, and the less concealed information is disclosed. Can be used for processing as it is in plain text.

However, the technique described in Patent Document 1 has a problem that it is costly to introduce it into an existing POS terminal of a store. For example, the cost may increase because the software of the input device or at least the POS terminal needs to be updated. Further, for example, when the whitelist is changed, it is necessary to update the whitelist used by all the input devices in the store, which may increase the cost or take a long time to respond.

In view of the above problems, an object of the present invention is to provide a program capable of suppressing an increase in cost and enhancing the security of card information.

In view of the above problems, the present invention uses a terminal device for acquiring card information or an information processing device for acquiring the card information from a second information processing device as a card information acquisition means for acquiring the encrypted card information. , The decryption means for decoding the card information acquired by the card information acquisition means, the confidentiality determination means for determining whether or not the card information decoded by the decoding means is confidential, and the confidentiality determination means. When it is determined that there is confidentiality, the information processing means for associating the data portion having confidentiality with the identification information, and when it is determined that there is confidentiality by the confidentiality determination means, the data portion having no confidentiality is present. And the identification information is returned to the terminal device or the second information processing device, and when it is determined by the confidentiality determination means that there is no confidentiality, the card information decoded by the decoding means is used in the terminal device or the second information processing device. Provided is a program that functions as a return means for returning to the second information processing apparatus.

It is possible to provide a program that can suppress an increase in cost and enhance the security of card information.

This is an example of a diagram for explaining the outline of the operation of the information management system. This is an example of a schematic configuration diagram of an information management system. This is an example of a hardware configuration diagram of a system with information support. This is an example of a functional block diagram showing the functions of the POS terminal, the customer system, and the system with information correspondence possessed by the information management system in a block shape (processing up to conversion of card information into identification information). This is an example of a functional block diagram showing the functions of the POS terminal, the customer system, and the system with information correspondence possessed by the information management system in a block shape (processing after conversion of card information into identification information). It is an example of the figure explaining the information stored in the card. It is a figure which shows typically the information stored in the card information DB. It is an example of the figure explaining how the card number and the identification information are handled. This is an example of a sequence diagram showing a means for a POS terminal to transmit card information and acquire return information. This is an example of a sequence diagram showing a procedure in which a POS terminal requests processing from a customer system. A sequence diagram is shown when the return information is not transmitted to the POS terminal and is directly processed by the customer system. This is an example of a sequence diagram showing a means for a POS terminal to transmit card information and acquire return information (without a customer system). This is an example of a sequence diagram showing a procedure in which a POS terminal requests processing from an information-enabled system (without a customer system). This is an example of a sequence diagram showing a procedure for a system with information correspondence to delete card information. This is an example of a sequence diagram of a procedure in which the utility charge system does not request deletion when the utility charge is settled. This is an example of a sequence diagram showing a procedure in which a system with information correspondence deletes card information when a customer withdraws from the membership or the contract period has expired. It is an example of the figure explaining the outline of the operation of the information management system (Example 2). This is an example of a functional block diagram showing the functions of the information management system in a block shape (processing up to conversion of card information into identification information). This is an example of a functional block diagram showing the functions of the information management system in a block shape (processing after conversion of card information into identification information). This is an example of a diagram for explaining how the card number and the user identification information are handled (Example 2). This is an example of a sequence diagram showing a means for a POS terminal to transmit card information and acquire return information (Example 2).

Hereinafter, as an example of the embodiment for carrying out the present invention, a card information processing method and the like performed by the information processing system will be described with reference to the drawings.

<Outline of information management system>
FIG. 1 is an example of a diagram illustrating an outline of the operation of the information management system. In FIG. 1, the case where the card 8 is used at the cash register of the store 9 will be described. First, the total price of each product purchased by the customer is calculated, and the customer presents the card 8. As shown in FIG. 1A, the clerk or the customer causes the card 8 to be read by the input device (card reader 10a) of the POS (Point Of Sales) terminal 10.

FIG. 1B shows the processing after reading the card information.
(1) When the card information is read, the input device of the POS terminal 10 encrypts the card information.
(2) The POS terminal 10 transmits the encrypted card information to the information correspondence system 50.
(3) The information correspondence system 50 first decodes the card information.
(4) Next, the information correspondence system 50 determines the type of the card 8 with reference to the card type determination information (determination table described later). When it is determined that the type of the card 8 is a card containing information to be concealed, the information correspondence system 50 determines which part of the card information is concealed and further acquires other attribute information. A typical example of a type of card 8 including confidential information is a credit card. The credit card number is a number that enables shopping with a credit card (for example, a 4-digit x 4 = 16-digit card number, a 3-digit number called a security code, and an expiration date) and is highly confidential (for example). An example of a confidential data part.).
(5) Further, when it is determined that the type of card contains confidential information, the information correspondence system 50 generates identification information whose uniqueness is guaranteed, and holds the identification information and the card information in association with each other. To do. As a result, in the information correspondence system 50, if the identification information is obtained, the card information can be used.
(6a) When it is determined that the card type includes confidential information, the information correspondence system 50 transfers the card type, identification information, and additional information (an example of a non-confidential data portion) to the POS terminal 10. Send. Since the identification information is transmitted as if the card number was replaced, the POS terminal 10 receives the identification information as the card number.
(6b) When it is determined that the card type does not include the information to be kept secret, the information handling system 50 transmits the card type and the decrypted card information to the POS terminal 10. Therefore, in this case, the card information is encrypted by the input device, decrypted by the information correspondence system 50, and then returned.

Since the POS terminal 10 acquires, for example, a card type that is a credit card when a credit card is used and identification information replaced with a card number, after that, sales processing by the credit card is performed as in the conventional business. It can be performed. In addition, for example, when a mere point card is used, the card type that the point card is used and the card information are acquired. Therefore, after that, points can be added according to the purchase amount as in the conventional business. it can.

Further, as described above, since the card information is encrypted by the input device of the POS terminal 10, security measures are taken when passing through the software portion of the POS terminal 10 (for example, the input / output device 12 of FIG. 2). ing. When the card containing the confidential information is read, the POS terminal 10 receives the identification information from the information correspondence system 50, but since the identification information is not the card number, no special security measure is required. The information-enabled system 50 holds card information, but security measures conforming to security standards such as PCI DSS are taken in the information-enabled system 50. Further, in the present embodiment, since the input device does not need to have the determination table 63, the store can continuously use the POS terminal 10 by replacing it with an input device having an encryption function, which increases the cost. Easy to suppress. The input device has an encryption function originally, is replaced with one having an encryption function, or has an external encryption function.
Further, even when a new card is distributed, the card type determination information (determination table described later) in the system 50 with information correspondence may be updated, so that the store side (input device and POS terminal) does not need to individually respond. , It is possible to respond early when a new handling card 8 is added.

<Terminology>
Being a type of card containing confidential information means that the card information read from this card contains confidential information. Card information refers to information held by the card and readable from the outside.

In addition, confidentiality means that it should not be disclosed or notified to others. Since the criteria for determining the presence or absence of confidentiality are not always constant, confidential information may be referred to as predetermined information.

<Configuration example>
FIG. 2 shows an example of a schematic configuration diagram of the information management system 100. The information management system 100 has two forms as an example. One is a form having a POS terminal 10 of a store 9, a customer system 30, and a system with information correspondence 50 as shown in FIG. 2 (a), and the other is as shown in FIG. 2 (b). , A form having a POS terminal 10 of a store 9 and a system 50 with information correspondence.

In the form of FIG. 2A, for example, the customer system 30 is connected to many stores 9, and the customer system 30 collectively performs sales, inventory order management, collection of accounts receivable, etc. of each store 9. The POS terminal 10 of the store 9 is connected to the customer system 30 via a network or a dedicated line, and the information of the POS terminal 10 is transmitted to the customer system 30. The network may be a virtual private line such as VPN (Virtual Private Network) as long as the POS terminal 10 and the customer system 30 can communicate with each other. Such a relationship between the store and the customer system 30 has been known conventionally.

One or more POS terminals 10 are installed in the store 9. The POS terminal 10 calculates the total price of the product, reads the card and makes a payment (a point card is used, but if the price is paid in cash, a change is withdrawn for the input of money). It is also a terminal device for printing receipts. The POS terminal 10 further includes an input device 11 and an input / output device 12.

The input device 11 is a reading device that reads card information. Specifically, it is a device that reads a magnetic stripe, a reader that reads an IC chip of a card 8, and the like. The input / output device 12 uses the information processing device as an entity to execute software (application) that provides a function required for the cash register terminal. In addition, various hard keys or touch panels that accept operations such as inputting product information (reading barcodes), selecting products from touch panels, calculating the total price, making payments, inserting cash and paying out change are available. Have. It is assumed that the POS terminal 10 has a general configuration. As described above, since the input / output device 12 is an information processing device that executes a general OS, it may be attacked by various types of malware, and security measures are required when handling card information. On the other hand, since the input device 11 rarely operates the function of the information processing device or at least a general OS, it is less likely to be attacked by malware or the like.

The customer system 30 is an information system necessary for a company that has opened a store 9 to operate daily operations. Therefore, the customer system 30 has one or more information processing devices. A system 31, B system 32, and C system 33 are shown as examples of the customer system 30, but these are a POS system, an inventory / order management system, an accounts receivable management system, and the like as examples. The customer system 30 performs payment and processing using the result of payment. It may have other systems, or it may not have one or more of A system to C system.

The A system 31 (POS system) performs payment processing using the card number and amount (product price and consumption tax) transmitted from the POS terminal 10. The B system 32 (inventory / order management system) updates the number of inventories due to the sale of products, and places an order with the manufacturer when the number of inventories falls below the threshold value. The C system 33 (accounts receivable management system) manages the collection of accounts receivable for goods and services sold by credit card. In this way, the customer system 30 performs various operations using the information from the POS terminal 10.

In the configuration as shown in FIG. 2A, when there is a possibility that the card information that has passed through the input device 11 of the store 9 includes confidential information (for example, a credit card card number), the input / output device 12 and the customer system 30 Security measures are required when passing through. For example, credit card numbers need to be secured in compliance with the PCI DSS security standard. When the store 9 handles a credit card and a point card that holds information with low confidentiality, the POS terminal 10 and the customer system 30 have security even if the POS terminal 10 determines whether or not the credit card has been read. Must meet requirements.

Even if the input device 11 encrypts the card information, the customer system 30 must decrypt the card information in order to sell using the card information, and the decryption key must be managed. In this case, it is necessary to comply with PCI DSS, and the customer system 30 needs to bear a large amount of security measures and operating costs. On the other hand, if card information encrypted by a method that meets security requirements simply passes through a system that does not have a decryption function, information that requires PCI DSS compliance is treated as non-retention equivalent.

In the present embodiment, the key management is performed by the information correspondence system 50, thereby reducing the burden on the customer system 30 side. Therefore, in the present embodiment, the customer system 30 can communicate with the information correspondence system 50 via a network or a dedicated line. Therefore, the POS terminal 10 and the information correspondence system 50 communicate indirectly. The information handling system 50 is one or more information processing devices that hold card information and identification information in association with each other. Since the information correspondence system 50 holds the card information, the customer system 30 does not need to comply with PCI DSS. Since the information-enabled system 50 communicates with many customer systems 30 and performs the same processing, it is possible to cover the cost even if it complies with PCI DSS.

The customer system 30 and the information-enabled system 50 may be compatible with cloud computing. Cloud computing refers to a usage pattern in which resources on a network are used without being aware of specific hardware resources.

The form of FIG. 2B is a form in which the customer system 30 does not exist. The POS terminal 10 of the store and the system 50 with information correspondence directly communicate with each other via the network. The network is constructed by a LAN constructed in a store 9 or the like where the POS terminal 10 is installed, a provider network of a provider that connects the LAN to the Internet, a line provided by a line operator, and the like. The network N may have a plurality of LANs or may be called a WAN. Also, the network may include the Internet. The network may be constructed either wired or wireless, and may be a combination of wired and wireless. Further, when the POS terminal 10 directly connects to the public network, it can be connected to the provider network without going through a LAN. Alternatively, communication may be performed via a dedicated line.

In the form of FIG. 2B, the customer system 30 is unnecessary because the clerk of the store 9 works in place of the customer system 30. The clerk manages the amount of goods and services output by the POS terminal 10 and the consumption tax with a PC (Personal Computer) or the like, and places an order by visually checking the number of inventories. You will also collect accounts receivable yourself. Therefore, the customer system 30 is not essential. It should be noted that the form shown in FIG. 2B is often found in relatively small stores 9. The POS terminal 10 does not have to be the POS terminal 10 dedicated to the cash register, and for example, a PC, a tablet terminal, a smartphone, a handy terminal, or the like may realize the function as the POS terminal 10 by executing an application as an information processing device.

<Hardware configuration example>
FIG. 3 shows an example of the hardware configuration of the information support system 50. The information-enabled system 50 can be implemented as a personal computer, workstation, or appliance server. The information-enabled system 50 includes a CPU 201 and a memory 202 that enables high-speed access to data used by the CPU 201. The CPU 201 and the memory 202 are connected to other devices or drivers of the information-enabled system 50, such as the graphics driver 204 and the network device (NIC) 205, via the system bus 203.

The graphics driver 204 is connected to the LCD (Liquid Crystal Display) 206 via a bus to monitor the processing result by the CPU 201. A touch panel may be integrally arranged on the LCD 206. In this case, the user can operate the information correspondence system 50 by using a finger as an operation means.

Further, the network driver 205 connects the system 50 with information correspondence to the network N at the transport layer level and the physical layer level to establish a session with the customer system 30 or the POS terminal 10.

An I / O bus bridge 207 is further connected to the system bus 203. A storage device such as HDD 209 is connected to the downstream side of the I / O bus bridge 207 by IDE, ATA, ATAPI, serial ATA, SCSI, USB, etc. via an I / O bus 208 such as PCI. .. You may have SSD (Solid State Drive) instead of HDD 209 or together with HDD 209.

The HDD 209 stores a program 209p that controls the entire system 50 with information support. Further, an input device 210 such as a keyboard and a mouse (called a pointing device) may be connected to the I / O bus 208 via a bus such as USB.

It is assumed that the hardware configuration diagram of the customer system 30 is the same as that of FIG. 3, or even if there is a difference, there is no problem in the explanation of the present embodiment. When the information-enabled system 50 supports cloud computing, the hardware configuration shown in FIG. 3 does not need to be housed in one housing or provided as a group of devices, and information is provided. The hardware elements that the corresponding system 50 preferably has are shown.

<About functions>
-Processing up to conversion of card information into identification information FIG. 4A is an example of a functional block diagram showing the functions of the POS terminal 10, the customer system 30, and the information correspondence system 50 of the information management system 100 in a block shape. is there.

<< POS terminal >>
The POS terminal 10 has an input device 11 and an input / output device 12. First, the input device 11 has a reading unit 21, an encryption unit 22, and a transmitting unit 23. These functions of the POS terminal 10 can be realized by one or more processing circuits. A processing circuit is an ASIC (Application Specific Integrated Circuit), DSP (digital signal processor), FPGA (field programmable gate array), SOC (System on a chip), GPU (Graphics) designed to execute each of these functions. It shall include devices such as Processing Units) and conventional circuit modules. By being implemented in hardware in this way, it is possible to make it less susceptible to attacks such as malware. However, these functions of the input device 11 may be functions or means realized by the CPU executing software.

The reading unit 21 reads the information held by the card 8. The card 8 reads the magnetic stripe, the IC chip, the information printed on the surface, and the card information held by embossing or the like. All readable information may be read, but only some information may be read. In the case of a credit card, at least the card number is read, and in the case of a point card, at least the point card number is read.

The encryption unit 22 encrypts the card information read by the reading unit 21. DUKPT is known as a method in which the input device 11 encrypts (including key delivery). However, any encryption method may be used as long as it has sufficient strength.

The transmission unit 23 transmits the encrypted card information to the input / output device 12. The input device 11 and the input / output device 12 may be integrally configured, or may be connected by a cable such as a USB cable. Either may be used in this embodiment. The input / output device 12 as an information processing device can acquire the encrypted card information. The input device 11 and the input / output device 12 may communicate wirelessly.

The input / output device 12 has a receiving unit 24, a first transmitting unit 25, a second transmitting unit 26, and an information receiving unit 27. These functions possessed by the input / output device 12 are functions or means realized by the CPU of the input / output device 12 executing a program stored in an HDD or the like.

The receiving unit 24 acquires the encrypted card information from the input device 11. The date, time, etc. may be recorded, or a unique reception number, etc. may be assigned. The first transmission unit 25 transmits a determination request including the card information received by the reception unit 24 to the customer system 30. This determination request requests the information handling system 50 to determine the type of the card 8 (that is, whether the card 8 contains confidential information). The transmission of information to the customer system 30 has been conventionally performed as described above, and the first transmission unit 25 makes a judgment request to a predetermined customer system 30 as a destination (for example, a known IP address as a destination). Send.

The information receiving unit 27 receives the return information from the customer system 30. As will be described later, the return information is generated by the information correspondence system 50. The returned information includes the following information.
・ When the card information contains confidential information Card type + identification information + additional information ・ When the card information is non-confidential information Card type + card information The additional information is the characteristics of card 8 (paid member). , Free member), preferential information (point member number, point return rate), and other additional information about the card 8. The non-confidential card information has no additional information because the card information includes (all) information read from the card. However, external information not included in the card may be added regardless of whether it is confidential or not. For example, it may be returned with external information such as information necessary for processing or for issuing a bonus such as a coupon.

The second transmission unit 26 transmits a processing request to the customer system 30. The processing request includes, for example, the following information. The second transmission unit 26 is used in FIG. 4B.
・ When the card information contains confidential information Card type + identification information + amount, etc. ・ When the card information is non-confidential information Card type + card information + amount, etc.
<< Customer System >>
The customer system 30 has a judgment reception unit 34, an information transmission unit 35, a transfer unit 37, and an information receiving unit 38. Each of these functions possessed by the customer system 30 is a function or means realized by the CPU 201 executing the program 209p expanded from the HDD 209 to the memory 202.

The judgment reception unit 34 receives a judgment request from the POS terminal 10. The determination reception unit 34 sends a determination request to the transfer unit 37.

The transfer unit 37 transfers the determination request to the information handling system 50. Since the destination (IP address, etc.) of the information correspondence system 50 is known or connected by a dedicated line, it is transmitted to the information correspondence system 50.

The information receiving unit 38 acquires the above-mentioned return information from the information handling system 50 and sends it to the information transmitting unit 35. Then, the information transmitting unit 35 transmits the return information to the information receiving unit 27. The information transmission unit 35 may acquire information for communicating with the POS terminal 10 as a destination, such as the address of the POS terminal 10, from the judgment reception unit 34.

After receiving the return information, the information receiving unit 38 may directly send the return information to the conventional system described later. That is, the process is started as it is in the customer system 30.

<< System with information support >>
The system 50 with information correspondence includes a card information acquisition unit 52, a decryption unit 53, a card type determination unit 54, an information return unit 56, a card information acquisition unit 57, a processing agency unit 58, a card information update unit 59, and a washing unit 60. It has a token generation unit 61 and an information correspondence unit 62. Each of these functions included in the information correspondence system 50 is a function or means realized by the CPU 201 executing the program 209p expanded from the HDD 209 in FIG. 3 to the memory 202.

Further, the information correspondence system 50 has a determination table 63 and a card information DB 64. These are held in the storage unit constructed in the HDD 209 or the memory 202 of FIG.

FIG. 5 is an example of a diagram for explaining the information stored in the card 8 and the determination table 63. First, as shown in FIG. 5A, the format of the card 8 is determined by a standard or the like. FIG. 5A is a JIS II magnetic stripe format. According to this format, fields such as a start code, an ID mark, a company code, etc., a membership number, a reserve, an expiration date, a reserve, a validity code, an end code, and a verification code are determined. FIG. 5B shows the detailed contents of each field. For example, the card issuing company can be identified by the five digits of the business type code and the company code. In addition, since card issuers include credit card issuers and point card issuers, the types of cards such as credit cards, point cards, gift cards, and friend's association cards can be selected according to the business type code and company code. Be identified. In addition, it is determined whether or not there is a possibility of containing confidential information depending on the type of card.

In addition, each company can set arbitrary information in the field of reserve. For example, the point membership number, the member store customer number, the preferential treatment category, etc. can be freely set. This spare field corresponds to other attribute information (everything other than confidential information may be used as other attribute information).

FIG. 5C schematically shows the determination table 63. In the determination table 63, the card issuer and the type of the card are associated with the 5-digit business type code + company code. The types of cards include credit cards, point cards, gift cards, and friend's association cards.

From such a determination table 63, if it is known that the type of card is a credit card, it can be seen that the card information also includes confidential information. Further, the determination table 63 also holds information as shown in FIG. 5B, and the card type determination unit 54 can extract information in an arbitrary range of card information. In the case of a credit card, since the membership number and expiration date in FIG. 5B are card numbers, they should be kept secret, and the password is also information that should be kept secret. On the other hand, the information in the spare field is often not information that should be kept secret and is read out as other attribute information. Also, if it is a point card or the like, it does not include information that should be kept secret because it is not possible for any third party to shop with the membership number. In this way, if the type of the card 8 is known, it becomes possible to know which part of the card information should be concealed such as the card number and which part is the non-confidential information.

When the administrator or the like creates a judgment table, it may be defined that all or part of the spare field of the credit card is information that should be kept secret, or the membership number of the point card or the spare field or the spare field. May be defined as information that should be kept secret in whole or in part.

FIG. 6 schematically shows information stored in the card information DB 64. The identification information and the card information are registered in the card information DB 64 in association with each other. The identification information is information for uniquely identifying or identifying the card information. The identification information refers to a name, a code, a character string, a numerical value, or a combination of one or more of these, which is used to uniquely distinguish a specific object from a plurality of objects. The card information is all the information read from the card 8 and mainly has the card number and other attribute information. The card information is stored in the card information DB 64 when the card information has confidentiality. Therefore, the card number is often stored in the card information. It should be noted that other attribute information does not have to be held in the card information DB 64.

(Function of system with information support)
The card information acquisition unit 52 acquires the encrypted card information from the customer system 30 and sends it to the decryption unit 53. The decryption unit 53 decrypts the encrypted card information. That is, all card information is decrypted regardless of whether or not the card information includes confidentiality.

The card type determination unit 54 determines the card type by comparing the decrypted card information with the determination table 63, and determines whether or not the card has confidentiality. Further, the card type determination unit 54 may inquire the card issuer about the validity of the card based on the card type. Validity means checking whether the credit card has expired, payment has not been delayed, and the lost credit card has not been reported. For example, even in the case of a point card, the validity of points is judged. This allows only valid cards 8 to be used.

In the case of a non-confidential card type, the card type determination unit 54 sends the decrypted card information to the information return unit 56. In the case of a confidential card type, the card number and other attribute information are read out from the card information with reference to the determination table 63. That is, the part with confidentiality and the part without confidentiality are taken out. Then, the card number and other attribute information are sent to the token generation unit 61.

The token generation unit 61 assigns an identification information for identifying the card information and sends it to the information correspondence unit 62 together with the card information. The identification information may be called a token. Tokens are often translated as permits, etc. with the original meaning of "sign". Commercially available tokenization may be used for numbering the identification information. The information correspondence unit 62 registers the identification information and the card information in association with each other in the card information DB 64 (only confidential information may be registered). The identification information and the card information of the card information DB 64 are retained until a deletion request is made from the conventional system 36 or the like. The information correspondence unit 62 sends the identification information and other attribute information to the information return unit 56. The information handling unit 62 manages card information in accordance with PCI DSS.

The information return unit 56 transmits the above return information to the information receiving unit 38 of the customer system 30. Although it is transmitted to the customer system 30, it is actually transmitted to the POS terminal 10. "Directing" means that even if the customer system 30 receives the return information, it is a rule to transfer it to the POS terminal 10, or that the transfer to the POS terminal 10 is instructed in advance. The information return unit 56 may use the entire other attribute information as additional information, or may use a part of the other attribute information as additional information based on the determination table 63.

The card information acquisition unit 57 acquires the card number associated with the identification information from the card information DB 64. This enables payment processing using the card number. The card information acquisition unit 57 sends the card number, the amount of money, and the like to the processing agent unit 58.

The processing agency unit 58 performs processing of the conventional system 36 that uses the card number. For example, by acting on behalf of A system 31 (POS system), payment processing by credit card is performed. It is also possible to make payments in cooperation with an external card company. The processing agency unit 58 transmits the processing result to the conventional system 36. As a result, the conventional system 36 and the POS terminal 10 can acquire the processing result in the same manner as when the conventional system 36 processes.

The card information updating unit 59 may obtain information from the customer system 30 that the customer has withdrawn or the credit card holding period has expired, and delete the card information of the card information DB 64.

The washing unit 60 periodically inquires of the card issuing company about the validity of the card information stored in the card information DB 64. If the expiration date has been updated, the new card number or expiration date may be associated with the identification information again. Such a process is called "rewashing". In this way, the information handling system 50 performs the processing normally performed on the credit card, so that the customer system 30 can act on its behalf.

-Processing after conversion of card information into identification information FIG. 4B shows the functions of the POS terminal 10, the customer system 30, and the information support system 50 of the information management system 100 regarding the processing after concealing the card information. This is an example of a functional block diagram shown in a block shape. The description of FIG. 4B describes the difference from FIG. 4A.

(Customer system function)
The customer system has a processing acquisition unit 39 and a conventional system 36. The processing acquisition unit 39 receives a processing request from the POS terminal 10. The processing acquisition unit 39 sends a processing request to the conventional system 36.

The conventional system 36 is the above-mentioned A system 31 to C system 33, and performs necessary processing using the card information. In the present embodiment, when the card information has confidentiality, the information correspondence system 50 takes over at least a part of the processing of the conventional system 36. This is because the customer system 30 does not have the card number of the credit card. In the case of non-confidential card information, the conventional system 36 can process it as it is. Therefore, in this embodiment, the conventional system 36 does not need to be updated or hardly needs to be updated.

(Function of system with information support)
The information handling system 50 has a processing reception unit 51. The processing reception unit 51 receives a processing request for processing related to the conventional system 36 from the customer system 30. As described above, the processing request received by the processing receiving unit 51 is when the confidential card 8 is used in the store 9. Since the processing request includes identification information, the processing reception unit 51 sends the identification information, the amount of money, and the like to the card information acquisition unit 57.

The card information acquisition unit 57, the processing agent unit 58, and the card information DB 64 may be the same as in FIG. 4A.

<Handling of card number and identification information>
FIG. 7 is an example of a diagram illustrating how the card number and the identification information are handled in the present embodiment. FIG. 7A shows the card number until the card number is replaced with the identification information.
(1) The input device 11 encrypts other attribute information and the card number.
(2) The information correspondence system 50 decodes other attribute information and the card number.
(3) The information correspondence system 50 further replaces the card number with the identification information.
(4) The input / output system can obtain other attribute information and identification information.

Since the digit range in which the card number is described in the card information can be replaced with the identification information, the POS terminal 10 can process the card information without being aware that the card number of the card information is replaced with the identification information.

FIG. 7B shows the identification information and the card number when the processing request is transmitted by the identification information to the information correspondence system 50.
(5) When the information correspondence system 50 acquires the identification information and the amount of money, the identification information is replaced with the card number. Such processing is called detoken. As a result, the card number, the amount of money, and the like can be obtained, so that the processing agency 58 can perform payment processing and the like. Since the card number is described in the digit range in which the card number of the card information is described, the processing agent 58 can process using the card number of the card information.

<Operation procedure>
FIG. 8 is an example of a sequence diagram showing a means for the POS terminal 10 to transmit card information and acquire return information. The customer asks the clerk to read the barcode of the product at the cash register of the store, and the POS terminal 10 calculates the total amount of money. A customer or a clerk causes the input device 11 to read the card (credit card).

S1: The reading unit 21 of the input device 11 reads the card information from the card 8.

S2: Next, the encryption unit 22 of the input device 11 encrypts the card information.

S3: Next, the transmission unit 23 of the input device 11 transmits the encrypted card information to the input / output device 12.

S4: The receiving unit 24 of the input / output device 12 receives the encrypted card information, and the first transmitting unit 25 transmits a determination request including the encrypted card information to the customer system 30. A flag or the like indicating that the judgment request is a judgment request is set in the judgment request.

S5: When the determination reception unit 34 of the customer system 30 receives the determination request, it determines that the type of the card 8 is determined based on the flag or the like, and sends it to the transfer unit 37. The transfer unit 37 transmits the determination request to the information correspondence system 50.

S6: When the card information acquisition unit 52 of the information support system 50 receives the determination request, it sends it to the decoding unit 53. The decryption unit 53 decrypts the encrypted card information.

S7: The card type determination unit 54 determines the type of the card 8 with reference to the determination table 63, and determines whether or not the card information should be kept secret based on the type of the card 8. When the card information should be kept secret, the card number and other attribute information are extracted from the card information with reference to the determination table 63.

S8: Steps S8 to S10 are executed when it is determined that the card information includes information to be kept secret based on the type of the card 8. First, the card type determination unit 54 may send the card number to the card issuing company and confirm the validity of the card 8. The validity of the card 8 may be performed even when the card information does not include information to be kept secret.

When an answer regarding the validity of the card is obtained from the card issuing company, but the answer is that the card is not valid, the information handling unit 62 does not associate the card information with the identification information. As a result, it is possible to suppress holding invalid card information. In the following, it will be described that the card 8 is valid.

S9: Next, the token generation unit 61 assigns identification information for identifying the card information.

S10: The information correspondence unit 62 stores the identification information and the card information in the card information DB 64 in association with each other.

S11: The information return unit 56 of the information correspondence system 50 transmits the return information to the customer system 30. That is, when the card information includes confidential information, "card type + identification information + additional information" is transmitted, and when the card information is non-confidential information, "card type + card information" is transmitted. The information handling unit 62 or the information returning unit 56 acquires predetermined additional information from other attribute information. Additional information unique to or general purpose to the card without confidential information may be further added.

S12: The information receiving unit 38 of the customer system 30 receives the return information, and the information transmitting unit 35 transmits the return information to the POS terminal 10. The information receiving unit 27 of the input / output device 12 receives the return information.

Once the identification information is returned to the POS terminal 10, it becomes effective in the following cases, for example.
Case 1: The identification information can be used to easily process returns at a later date (such as printing the identification information on a receipt).
Case 2: When the POS terminal 10 independently has "customer management, point management, etc.", card information for card payment can be retained as identification information.
Case 3: The POS terminal 10 can print the identification information in the IC chip and later use the IC chip to make a payment.

FIG. 9 is an example of a sequence diagram showing a procedure in which the POS terminal 10 requests processing from the customer system 30. The process of FIG. 9 is executed following FIG.

S13: The second transmission unit 26 of the input / output device 12 transmits the processing request to the customer system 30. If the card information contains confidential information, the processing request is "card type + identification information + amount, etc.", and if the card information does not include confidential information, "card type + card information + amount, etc." Is. A flag or the like indicating that the processing request is a processing request is set in the processing request. If the card information includes confidential information, additional information may be included. As a result, the customer system 30 can perform processing using additional information (point awarding according to the point return rate, adjustment of the price depending on whether the member is a paid member or a free member, etc.). Since the customer system 30 can receive the additional information from the information correspondence system 50, the additional information does not have to be included in the return information in the first place.

S14: The processing acquisition unit 39 of the customer system 30 acquires the processing request and relays it to the customer system 30. The customer system 30 carries out various business processes that do not require card information. For example, order processing and product shipping processing to customers. When the customer system 30 performs processing that requires card information (for example, payment processing) continuously or after a while, the customer system 30 determines whether the processing is performed by the conventional system 36 or the information handling system 50. To do. That is, in the case of a card type including confidential information, since the card number is held in the information correspondence system 50, the information correspondence system 50 takes over at least a part of the processing. In the case of a card type including non-confidential information, since the card information is transmitted to the customer system 30, the conventional system 36 of the customer system 30 can perform processing.

S15: Steps S15 to S18 are executed when it is determined that the customer's card has confidential information and the information handling system 50 determines to act for the processing. First, the conventional system 36 of the customer system 30 transmits a processing request to the information handling system 50.

S16: The processing reception unit 51 of the information correspondence system 50 receives the processing request, and the card information acquisition unit 57 reads the card number associated with the identification information from the card information DB 64.

S17: Next, the processing agency 58 performs processing using the card number, the amount of money, and the like. For example, it acts on behalf of the POS system and sends the card number, amount, etc. to the card issuing company to perform payment processing.

S18: The processing agency 58 of the information correspondence system 50 transmits the processing result to the customer system 30.

S19: Step S19 is executed when it is determined that the customer system 30 processes the information because it is not determined that the customer's card has confidential information. Since the conventional system 36 of the customer system 30 is a processing request from the POS terminal 10, it is determined that the processing is a payment request, and the processing is performed by, for example, the A system 31. It is preferable that the POS terminal 10 clearly indicates the content of the process in the process request.

S20: The customer system 30 transmits the processing result to the POS terminal 10. The processing result is, for example, OK indicating that the processing has been completed normally, or NG indicating that the processing has not been completed normally (for example, when the upper limit of the available amount is exceeded).

As described above, the customer system 30 does not need to hold the card information, and the information handling system 50 can hold the card information and perform the processing on behalf of the customer system 50.

In FIG. 9, if the card information does not include the confidential information, the customer system 30 processes it by itself, but even if the card information does not include the confidential information, the information handling system 50 can act on its behalf.

<< When processed directly by the customer system >>
Further, the return information may not be transmitted to the POS terminal 10 and may be directly processed by the customer system 30.

FIG. 10 shows a sequence diagram when the return information is not transmitted to the POS terminal 10 and is directly processed by the customer system 30. In the description of FIG. 10, the difference from FIG. 8 will be described. In FIG. 10, the processing of steps S1 to S11 may be the same as that of FIG.

Next, a system to be processed in the same manner as in step S14 of FIG. 9 is determined. Then, steps S15 to S18 or step S19 of FIG. 9 are performed according to the determination result.

Since the return information is not transmitted to the POS terminal 10 in this way, the time until the end of the process can be shortened.

<Operation procedure when there is no customer system>
The operation procedure when the customer system 30 shown in FIG. 2B is not provided will be described with reference to FIGS. 11 and 12. Even if the customer system 30 does not exist, the load of POS security measures required for PCI DSS compliance can be reduced by having the information handling system 50 take over the processing. In this embodiment, since the input device 11 is immediately encrypted, the POS terminal 10 does not need to support it.

FIG. 11 is an example of a sequence diagram showing a means for the POS terminal 10 to transmit card information and acquire return information. In the description of FIG. 11, the difference from FIG. 8 will be described. In FIG. 11, the determination request is directly transmitted to the information correspondence system 50 in step S4. The processing of steps S6 to S10 is the same as in FIG. Then, in step S11, the return information is transmitted to the POS terminal 10.

FIG. 12 is an example of a sequence diagram showing a procedure in which the POS terminal 10 requests processing from the information correspondence system 50. The process of FIG. 12 is executed following FIG.

S15: The second transmission unit 26 of the input / output device 12 transmits the processing request to the information handling system 50. This is because there is no customer system 30 in the first place. Further, since there is no customer system 30, processing using non-confidential card information is not performed, so the processing request may be "identification information + amount of money, etc." The processing of steps S15 to S18 is the same as that of FIG.

As described above, when the customer system 30 is not provided, the process is simpler, but when the customer system 30 is not provided, the process can be performed in the same manner. Even if the customer system 30 does not exist, the information support system 50 performs payment processing on behalf of the card number and the amount of money associated with the non-confidential identification information received from the POS terminal 10. Good.

<Delete card information of system with information support>
When the information-enabled system 50 no longer needs to hold the card number, the information-enabled system 50 should delete the card number. For example, in the payment by POS, it is not highly necessary for the information correspondence system 50 to hold the card information after the payment of the price of the product or service. Further, by deleting the card information for each purchase, the burden of managing the card information is reduced. On the other hand, the information-enabled system 50 holds the card number for the monthly payments such as utility charges such as electricity, gas, and water charges, subscriptions, Internet providers, and mobile phone usage charges. , It is possible to save the trouble of having the customer read the card 8 and input the card number. Therefore, the information correspondence system 50 of the present embodiment deletes the card information when the deletion request is acquired from the outside. The outside is a customer system 30, a POS terminal 10, a card issuing company, and the like.

FIG. 13 is an example of a sequence diagram showing a procedure in which the information correspondence system 50 deletes card information. The process of FIG. 13 is executed following FIG.

S21: The POS terminal 10 that has acquired the processing result detects that the settlement has been completed based on the processing result, and the second transmission unit 26 transmits a deletion request including the identification information to the customer system 30.

S22: The processing acquisition unit 39 of the customer system 30 determines that the deletion request is made, and transmits the deletion request from the conventional system 36. The customer system 30 transmits a deletion request to the information handling system 50.

S23: The processing reception unit 51 of the information correspondence system 50 receives the deletion request, and the card information acquisition unit 57 acquires the card information associated with the identification information from the card information DB 64.

S24: The card information acquisition unit 57 deletes the acquired card information from the card information DB 64.

S25, S26: The information correspondence system 50 transmits a deletion notification to the POS terminal 10 via the customer system 30.

By doing so, it is possible to suppress an increase in the number of card information held by the information correspondence system 50 and an increase in the load of the washing process.

FIG. 14 is an example of a sequence diagram of a procedure in which the utility charge system 70 does not request deletion when the utility charge is settled.

S31: When the customer registers the credit card card information from the Web page or the application form, the utility charge system 70 communicates with the information correspondence system 50 and the information correspondence system 50 identifies the card information in the card information DB 64. Information is registered. The utility charge system 70 acquires return information from the information handling system 50.

S32: The utility charge system 70 transmits a processing request for settlement of the utility charge to the information correspondence system 50 at a fixed timing every month.

S33: As described above, the information correspondence system 50 acts as a payment agent and transmits the processing result to the utility charge system 70.

S34: However, the utility charge system 70 does not send the deletion request to the information handling system 50 because the processing request is made in the next month as well. In this way, the information correspondence system 50 can retain the card information for the card information that will be used in the future. When the information correspondence system 50 holds the card information, it is effective that the information correspondence system 50 performs the above-mentioned washing process.

FIG. 15 is an example of a sequence diagram showing a procedure in which the information handling system 50 deletes card information when a customer withdraws from the membership or the contract period has expired.

S41: The customer system 30 accepts changes in card information. For example, if you withdraw from the membership or the contract period has expired, we will accept that fact. In S41, the customer system 30 accepts the change, but the card issuing company may accept the change.

S42: The customer system 30 transmits a deletion request together with the identification information to the information correspondence system 50. Since no security measure is required for the identification information, the customer system 30 can hold the identification information.

S43, S44: The card information updating unit 59 of the information correspondence system 50 deletes the card information specified by the identification information from the card information DB 64.

S45: The information correspondence system 50 transmits a deletion notification to the customer system 30. In this way, even if the information correspondence system 50 holds the card information, it is possible to deal with the change or deletion of the card information as in the conventional case.

<Summary>
As described above, in the present embodiment, since the POS terminal 10 and the customer system 30 do not hold confidential card information, no special security measures are required. The information-enabled system 50 holds card information, but security measures conforming to security standards such as PCI DSS are taken in the information-enabled system 50. Further, in the present embodiment, since the input device 11 does not need to have the determination table 63, the store can use it continuously by replacing the conventional POS terminal 10 with the input device 11 having an encryption function, which is costly. It is easy to suppress the increase. Further, even when a new card 8 is distributed, the determination table 63 in the information correspondence system 50 may be updated, so that the new card 8 can be dealt with at an early stage.

In the first embodiment, the information correspondence system 50 assigns the identification information and transmits it to the POS terminal 10, but in this embodiment, the information management system 100 in which the POS terminal 10 transmits the identification information to the information correspondence system 50 will be described. To do.

FIG. 16 is an example of a diagram illustrating an outline of the operation of the information management system 100 of this embodiment. In the description of FIG. 16, the difference from FIG. 1 will be described.
(1) When the card information is read, the input device 11 of the POS terminal 10 encrypts the card information as shown in FIG.
(2) The POS terminal 10 transmits the encrypted card information and the prepared identification information to the information correspondence system 50. After that, the processes (3) to (4) are the same as those in FIG. 1, but it is not necessary to generate the identification information in (5). Hereinafter, in order to distinguish from the identification information of the first embodiment, the identification information of the present embodiment is referred to as "user-side identification information".
(5) When it is determined that the type of the card is a card that should be kept secret, or when it is determined that the card can be used for payment or the like using the user identification information, the information correspondence system 50 is the user side received from the POS terminal 10. The identification information and the card information are associated and held. As a result, if the user side identification information is obtained, the card information can be used. Subsequent processing is the same as in FIG.

The user-side identification information transmitted by the POS terminal 10 is, for example, biometric authentication information such as a face, palm, and fingerprint used in the FIDO standard, a date and a slip number, an IC card ID number, and the like. By doing so, the information correspondence system 50 does not need to create the identification information, and the user (customer) can hold the identification information on the user side. In the first embodiment, since the risk of leakage of the identification information is not zero, a third party who knows the identification information may request the system 50 with information correspondence to perform processing such as payment. For example, a biometric conforming to the FIDO standard. Since it is difficult to disguise the authentication information at the time of input, it is easy to prevent a third party from misusing it.

<About functions>
17A and 17B are examples of functional block diagrams showing the functions of the information management system 100 of this embodiment in a block shape. In the description of FIGS. 17A and 17B, the differences from FIGS. 4A and 4B will be mainly described.

First, in FIG. 17A, the input device 11 also has an identification information acquisition unit 28. The identification information acquisition unit 28 generates unique user-side identification information. The user-side identification information may be input by the user (biometric authentication information such as a fingerprint, an IC card ID number, etc.) or may be acquired from the inside of the POS terminal 10 (date and slip number, etc.). In addition to fingerprints, biometric authentication information may be unique as long as it can be identified from living organisms such as palm prints, vein prints, irises, and faces. The ID number of the IC card is the identification information of the IC card and is not confidential. The same applies when the user identification information is replaced with another identification information on the way. After converting to the first identification information such as biometric authentication information, it may be further converted to the second identification information in the processing of another system.

Further, the information correspondence system 50 of FIGS. 17A and 17B does not have the token generation unit 61. This is because it is not necessary to generate identification information. Other functions are the same as those in FIGS. 4A and 4B, or even if there are differences, there is no problem in the explanation of this embodiment.

<Handling of card number and identification information>
FIG. 18 is an example of a diagram illustrating how the card number and the user-side identification information are handled in the present embodiment. FIG. 18A shows a flow until the card number is associated with the user side identification information.
(1) The input device 11 encrypts other attribute information and the card number. In the case of this embodiment, other attribute information and a card number may be input using a mobile terminal, a PC, a kiosk terminal, a ticket vending machine, a refueling machine, or the like instead of the POS terminal 10.
(2) The input / output device 12 prepares the user side identification information. The user-side identification information may be encrypted together with the card information, or may be encrypted separately. When encrypted separately, the card information and the user identification information may be encrypted by an encryption method suitable for each.
(3) The information correspondence system 50 decodes other attribute information and the card number.
(4) The information correspondence system 50 further replaces the card number with the user side identification information and returns, and associates the card number with the user identification information.
(5) The input / output device 12 can obtain other attribute information and user-side identification information. It is more preferable that the system 50 with information correspondence does not transmit the user identification information or encrypts the user identification information. The card number, the amount, and the like are settled by the payment institution, and the information correspondence system 50 transmits the user identification information and the payment result to the customer system 30.

Since the customer has the user-side identification information, there is no need to transmit it, and by not transmitting it, it becomes easy to suppress leakage. The one-time password may be used in the processes (1) to (5) in order to specify the settlement process (transaction) for the price of the product or the like.

The process of FIG. 18B may be the same as that of FIG. 7B except that the identification information is replaced with the user-side identification information.

Therefore, the information management system 100 can perform the same processing as in the first embodiment by using the user-side identification information.

<Operation procedure>
FIG. 19 is an example of a sequence diagram showing a means for the POS terminal 10 to transmit card information and acquire return information. In the description of FIG. 19, the difference from FIG. 8 will be described. In the process of FIG. 19, user-side identification information is prepared in step S1-2.

S1-2: The identification information acquisition unit 28 of the input device 11 prepares user-side identification information such as biometric authentication. To prepare here means to obtain from a customer or to generate based on a date and a slip number.

Subsequent processing is the same as in FIG. 8, but in FIG. 19, step S9 in which the token generation unit 61 generates identification information is unnecessary. Further, in the process based on the process request described with reference to FIG. 9, the process may be the same because the identification information only replaces the user-side identification information. Further, the return information in step S11 does not have to include the user identification information.

The identification information of the first embodiment is basically unknown to the customer, but since the identification information on the user side of the present embodiment is the information held by the customer, the customer can confirm it later. For example, when returning a product, the process can be specified and a refund can be made by presenting the user's identification information.

<Summary>
As described above, according to the information management system 100 of the present embodiment, it is not necessary for the information correspondence system 50 to generate identification information, and it is easy to suppress an increase in cost. Further, when the biometric authentication information is used as the user-side identification information, it is easy to prevent a third party from misusing it. In addition, by presenting the user side identification information, the process can be specified and a refund can be made.

<Other application examples>
Although the best mode for carrying out the present invention has been described above with reference to Examples, the present invention is not limited to these Examples, and various modifications are made without departing from the gist of the present invention. And substitutions can be made.

For example, the store may be an EC (Electronic Commerce) site on the Internet. In this case, the card information is transmitted from the customer's PC to the EC site. The card information is encrypted on a PC or an EC site, and thereafter processed in the same manner as in the present embodiment. It may also be used by mail order (mail order, telephone order). For example, when the operator inputs the card number, the card number is input to the dedicated terminal, the token number is obtained, and the customer system processes it.

Further, the card 8 may be in a form in which the card information held by a smartphone, a tablet terminal or the like is used by using a communication means such as NFC (Near Field Communication).

The credit card security standard (PCI DSS) is not limited to any standard such as My Number card. Moreover, this embodiment can be suitably applied even if there is no specific standard regarding security measures.

Further, the return information transmitted by the information handling system 50 to the customer system 30 or the POS terminal 10 may be encrypted. Further, the system 50 with information correspondence may have the authentication authority encrypt the hash value of the returned information and transmit it to the customer system 30 or the POS terminal 10. The customer system 30 or the POS terminal 10 can verify that the return information has not been tampered with by the hash value.

Further, in the present embodiment, among the information included in the card information, the information transmitted to the customer system 30 and the information correspondence system 50, the information managed by the information correspondence system 50, and the information correspondence system 50 to the customer system 30 Alternatively, the information transmitted to the POS terminal 10 is described, but these are only examples. If the information is included in the card information, the information transmitted to the customer system 30 and the information correspondence system 50, the information managed by the information correspondence system 50, and the information transmitted from the information correspondence system 50 to the customer system 30 or the POS terminal 10. It can be arbitrarily included in the information to be provided.

Further, the configuration example shown in FIG. 4 and the like is divided according to the main functions in order to facilitate understanding of the processing by the POS terminal 10, the customer system 30, and the system with information correspondence 50. The present invention is not limited by the method of dividing the processing unit or the name. The processing of the POS terminal 10, the customer system 30, and the system with information correspondence 50 can be divided into more processing units according to the processing content. Further, one processing unit can be divided so as to include more processing.

The card information acquisition unit 52 is an example of card information acquisition means, the decoding unit 53 is an example of decoding means, the information correspondence unit 62 is an example of information correspondence means, and the information return unit 56 is a return means. The processing reception unit 51 is an example of the processing reception means, the card type determination unit 54 is an example of the confidentiality determination means, and the card information acquisition unit 57 is an example of the card information acquisition means. The unit 58 is an example of the processing agency means, and the token generation unit 61 is an example of the identification information generation means. The customer system 30 is an example of the second information processing device.

8 Cards 9 Stores 10 POS Terminals 11 Input Devices 12 Input / Output Devices 30 Customer Systems 50 Information Support Systems 100 Information Management Systems

Japanese Unexamined Patent Publication No. 2017-07875

Claims (10)

An information processing device that acquires the card information from a terminal device that acquires card information or a second information processing device.
Card information acquisition means for acquiring the encrypted card information, and
Decoding means for decoding the card information acquired by the card information acquisition means, and
A confidentiality determining means for determining whether or not the card information decrypted by the decoding means is confidential, and
When it is determined by the confidentiality determination means that the data portion has confidentiality, the information correspondence means for associating the data portion having confidentiality with the identification information
When it is determined by the confidentiality determining means that there is confidentiality, the non-confidential data portion and the identification information are returned to the terminal device or the second information processing device, and the confidentiality determining means is used. A program that functions as a return means for returning the card information decrypted by the decoding means to the terminal device or the second information processing device when it is determined that the information is not confidential. The program according to claim 1, wherein the return means adds and returns additional information for processing by the second information processing apparatus according to the type of the card information. The confidentiality determining means refers to the card type determining information for determining the card type from the card information, and determines the type of the card from which the card information decrypted by the decoding means has been acquired. The program according to claim 1, wherein the presence or absence of sex is determined. The information processing device
It functions as a processing receiving means for receiving a processing request together with the identification information from the terminal device or the second information processing device.
The processing receiving means receives the processing request for processing using the identification information via the second information processing device that performs processing using the card information.
The information-corresponding means associates the card information including a data portion having confidentiality with the identification information.
The information processing device
When the processing receiving means receives the processing request together with the identification information, the card information obtaining means for obtaining the card information associated with the identification information and the card information obtaining means.
A processing agent means that substitutes the processing of the second information processing device or the terminal device by using the card information obtained by the card information obtaining means.
The program according to claim 2 or 3, characterized in that the program functions as. The second information processing device performs processing using a confidential data portion of the card information.
The fourth aspect of the present invention is characterized in that the processing agency means substitutes the processing of the second information processing apparatus by using a confidential data portion of the card information obtained by the card information obtaining means. Program. The information processing device
To function as an identification information generation means for generating the identification information,
The program according to any one of claims 1 to 5, wherein the information-corresponding means associates a data portion having confidentiality with the identification information generated by the identification information generation means. The card information acquisition means acquires the identification information from the terminal device or the second information processing device, and obtains the identification information.
The program according to any one of claims 1 to 5, wherein the information-corresponding means associates a data portion having confidentiality with the identification information acquired by the card information acquisition means. The confidentiality determination means transmits the decrypted card information to the card issuing company, obtains an answer regarding the validity of the card holding the card information, and obtains an answer.
The program according to claim 1, wherein when the card is not valid, the information-corresponding means does not associate the decoded data portion having confidentiality with the identification information. An information processing device that acquires the card information from a terminal device or a second information processing device that acquires card information.
Card information acquisition means for acquiring the encrypted card information, and
Decoding means for decoding the card information acquired by the card information acquisition means, and
A confidentiality determining means for determining whether or not the card information decrypted by the decoding means is confidential, and
When it is determined by the confidentiality determination means that the data portion has confidentiality, the information correspondence means for associating the data portion having confidentiality with the identification information
When it is determined that there is confidentiality by the confidentiality determination means, the non-confidential data portion and the identification information are returned to the terminal device or the second information processing device, and the confidentiality is concealed by the confidentiality determination means. An information processing device having a return means for returning the card information decoded by the decoding means to the terminal device or a second information processing device when it is determined that there is no property. A card information processing method performed by an information processing device that directly or indirectly acquires the card information from a terminal device that acquires the card information.
A step in which the card information acquisition means acquires the encrypted card information,
A step in which the decoding means decrypts the card information acquired by the card information acquisition means, and
The confidentiality determination means determines whether or not the card information decrypted by the decryption means is confidential.
When the information-corresponding means is determined to be confidential by the confidentiality determination means, a step of associating the data portion having confidentiality with the identification information, and
When the confidentiality determination means determines that the confidentiality is high, the return means returns the non-confidential data portion and the identification information to the terminal device or the second information processing device, and the confidentiality is determined. When the determination means determines that the card information is not confidential, the step of returning the card information decoded by the decoding means to the terminal device or the second information processing device, and
Card information processing method with.

Images