JP7160402B2 - integrated circuit - Google Patents

Description

The present invention relates to integrated circuits.

Credit card fraud such as forged signatures, PIN analysis, skimming, card counterfeiting, and unauthorized use by relatives is on the rise.

To prevent fraudulent use of card payments, biometric authentication with high security is sometimes used in recent years.

As an example of a system that confirms a user based on biometric authentication, there is an automatic teller machine (ATM) that performs balance inquiry, deposit/withdrawal, and transfer processing of bank deposits and savings. In such a bank system, the ATM acquires the user's biometric data and transmits it to the bank's server. The server performs biometric authentication by matching the biometric data of the user received from the ATM with the biometric data stored in the database.

There is also a technique in which a credit card is attached with a fingerprint sensor, and the fingerprint data stored in the credit card is collated with the user's fingerprint data acquired by the fingerprint sensor.

Furthermore, the card payment terminal acquires the biometric data stored in the credit card, acquires the user's biometric data with the sensor provided in the card payment terminal, and the card payment terminal compares the acquired biometric data. A technique for doing so is disclosed in Japanese Patent No. 5713516.

Japanese Patent No. 5713516

However, the above technology does not consider using the biometric data stored in the credit card for functions other than card payment.

SUMMARY OF THE INVENTION The present invention has been made in view of the above circumstances, and relates to an integrated circuit capable of providing a user with multiple functions and storing usage history.

According to this embodiment, an integrated circuit comprises a memory and a processor. The memory includes first biometric data of a first user who can use a first function for settlement, first user identification information indicating the first user, and a function different from the first function. Second biometric data of a second user who can use the second function and is different from the first user , second user identification information indicating the second user, and the first function and history information relating to the second function. The processor wirelessly transmits first biometric data to the first external device when the first user uses the first function, and performs first biometric data based on the first biometric data from the first external device. receive the first result data of the biometric authentication wirelessly, the history information includes the first user identification information, the first identification information indicating the first function, the first result data, the first add the first information associated with the time information of . The processor wirelessly transmits the second biometric data to the first external device or a second external device different from the first external device when the second user uses the second function; wirelessly receives second result data of second biometric authentication based on second biometric data from one external device or a second external device ; Second information is added that associates second identification information indicating the function of, second result data, and second time information.

According to the present invention, it is possible to record usage histories of a plurality of biometric authentications in an integrated circuit.

1 is a block diagram showing an example of the configuration of a multifunction card according to the first embodiment; FIG. 4 is a block diagram illustrating functions provided in the multifunction card according to the first embodiment; FIG. 4 is a data structure diagram showing an example of setting information according to the first embodiment; FIG. 4 is a data structure diagram showing an example of history information according to the first embodiment; FIG. 4 is a flowchart showing an example of setting processing of the multifunctional card according to the first embodiment; 4 is a flowchart showing an example of processing for using the multifunctional card according to the first embodiment; FIG. 5 is a block diagram showing an example of the configuration of a card settlement terminal and peripheral devices according to a second embodiment; FIG. 10 is a data structure diagram showing a first example of payment data according to the second embodiment; FIG. 9 is a data structure diagram showing a second example of payment data according to the second embodiment; FIG. 11 is a data structure diagram showing a third example of payment data according to the second embodiment; FIG. 11 is a data structure diagram showing an example of credit result data according to the second embodiment; 9 is a flowchart illustrating processing of the card payment terminal according to the second embodiment; 10 is a flowchart illustrating signature data collation processing according to the second embodiment; The block diagram which shows an example of a structure of the card payment system which concerns on 3rd Embodiment. 14 is a flowchart illustrating personal information setting processing according to the third embodiment; 10 is a flowchart illustrating processing in a security service according to the third embodiment;

BEST MODE FOR CARRYING OUT THE INVENTION Hereinafter, embodiments of the present invention will be described with reference to the drawings. In the following description, substantially or substantially the same functions and components are denoted by the same reference numerals and will be described only when necessary.

[First Embodiment]
In this embodiment, a multifunctional card including other functions in addition to the card payment function will be described. The multifunction card stores biometric data.

In this embodiment, identification information is called ID.

FIG. 1 is a block diagram showing an example of the configuration of a multifunction card according to this embodiment.

The multifunction card 1 includes, for example, a card-shaped card body 1A and an integrated circuit 2 provided in the card body 1A. The integrated circuit 2 may be, for example, an IC (Integrated Circuit) chip. This integrated circuit 2 includes a communication unit 3, a processor 4, and memories 5A-5C.

The multifunction card 1 operates in cooperation with the information processing device 8 or the biometric authentication device 9 .

The information processing device 8 transmits, for example, signals, commands, software, programs, data, setting information, user IDs, software IDs, data IDs, and other various types of information using the card writer 8A.

The biometric authentication device 9 includes a card reader/writer 9A, a biosensor 9B, and a matching section 9C. The card reader/writer 9A receives signals, commands, data, information, etc. from the multifunction card 1 or transmits signals, commands, data, information, etc. to the multifunction card 1 . The biosensor 9B acquires the biometric data of the user of the multifunction card 1 . The collation unit 9C collates the biometric data acquired by the biosensor 9B with the biometric data received from the multifunctional card 1 via the card reader/writer 9A, and performs biometric authentication. The verification unit 9C then transmits the biometric authentication result to the multifunctional card 1 via the card reader/writer 9A.

The biometric authentication device 9 may be, for example, a card payment terminal installed in a store, or may be various information processing devices. The information processing device may be, for example, a personal computer, a mobile phone such as a smart phone, a tablet computer, or the like.

The multifunctional card 1 may include at least one card payment function 61 among, for example, a credit card function, a debit card function, and a prepaid card function. In this embodiment, in order to simplify the explanation, the case where the card payment function 61 functions as a credit card will be explained as an example.

In this embodiment, the multifunction card 1 includes a plurality of biometric data 71-7N corresponding to each of a plurality of users. In this way, when the multifunction card 1 contains a plurality of pieces of biometric data 71 to 7N, the multifunction card 1 can be shared by a plurality of users belonging to arbitrary groups such as family members and employees. be possible. However, in this embodiment, only one user is permitted to use the multifunctional card 1 as a credit card. A plurality of users may be able to use the multifunction card 1 as a credit card.

If the multifunction card 1 is assumed to be used exclusively by one user, the biometric data contained in the multifunction card 1 may correspond to one user. Other functions 62 to 6M other than the card settlement function 61 included in the multifunctional card 1 are, for example, a point card, a train ticket (commuter pass), a social security card, a resident card, a seal card, an unlocking card, a driver's license, It may function as an insurance card, passport, car key, My Number card, social security card, or medical card. In this embodiment, for example, the card settlement function 61 enables the use of the multifunctional card 1 when biometric authentication is successful for a specific user. For the second function such as a point card, the multifunctional card 1 can be used without biometric authentication. For the third function such as a car key or an unlocking card, the multifunction card 1 can be used when the biometric authentication is successful for any one of the plurality of biometric data stored in the multifunction card 1. do.

Multifunction card 1 receives radio waves (electromagnetic field) emitted from a device such as card writer 8A or card reader/writer 9A with antenna circuit 3A of communication unit 3, converts the received radio waves into electricity, and integrates them. Used as power for circuit 2. However, the multifunction card 1 may also include a power supply.

When the multifunction card 1 is set, the communication unit 3 receives signals, commands, software, programs, data, settings from the card writer 8A provided in the information processing device 8 in a contact or non-contact, wired or wireless manner. Information such as user ID, software ID, data ID, and other various information is received.

When the multifunction card 1 is used, the communication unit 3 transmits or receives signals, commands, data, information, etc. to or from the card reader/writer 9A in a contact or non-contact, wired or wireless manner.

The processor 4 controls the communication unit 3 and accesses the memories 5A-5C. More specifically, processor 4 executes control software 10 stored in memory 5A. Also, the processor 4 can execute software 111 to 11K for realizing various functions stored in the memory 5B. Processor 4 can use memory 5C as a working memory. Processor 4 executes control software 10 stored in memory 5A, and can execute each of a plurality of pieces of software 111 to 11K stored in memory 5B according to control based on control software 10. FIG. Moreover, the processor 4 can execute new software when new software is added to the memory 5B. For example, control software 10 may be an operating system (OS). For example, software 111-11K may be applications.

For example, memories 5A and 5B are non-volatile memories. More specifically, for example, the memory 5A may be read-only memory (ROM), and the memory 5B may be EPROM (Erasable Programmable Read-Only Memory) or EEPROM (Electrically Erasable Programmable Read-Only Memory).

The memory 5B stores software 111-11K associated with the software ID, biometric data 71-7N associated with the user ID, setting information 12, and history information 13. FIG.

The software 111 to 11K includes programs for realizing various functions and information about the programs. By making the software 111 to 11K executable, the multifunctional card 1 can implement other functions 62 to 6M in addition to the card payment function 61. FIG. For example, the software 111 realizes a card payment function 61 as a credit card, and the software 112-11K can realize functions 62-6M other than the card payment function 61. FIG.

The biometric data 71-7N may be, for example, fingerprint data, vein data, artery data, palm data, retina data, iris data, face data, blood vessel data, voice data, voiceprint data, or ear data.

The setting information 12 includes various information necessary for the operation of the control software 10 of the multifunction card 1 and the software 111 to 11K. For example, the setting information 12 is information for managing the software IDs indicating the software 111 to 11K stored in the memory 5B of the multifunction card 1 and the user IDs indicating the biometric authentication candidate (target) users in association with each other. be. As a result, for example, the multifunction card 1 allows one user to use the card payment function 61, for example, allows anyone to use the point card function (no biometric authentication required), and allows a plurality of users to use the function. On the other hand, the security level can be set according to the function of the multifunction card 1, such as permitting the function as an automobile key.

If it is assumed that the multifunction card 1 will not be shared and will be used by only one specific user, the setting information 12 indicates the software ID and whether or not biometric authentication is required. Information may be associated and managed.

The history information 13 includes, for example, time information, a software ID indicating software to be used, information indicating whether biometric authentication was successful, and authentication when the biometric authentication was successful each time the multifunctional card 1 was used. This is information for managing the user ID indicating the user who received the information in association with it.

Note that if it is assumed that the multifunction card 1 will not be shared and will be used by only one specific user, even if the user ID is omitted from the information included in the history information 13, good.

Each software 111-11K is executed under the control of the control software 10. FIG.

The software 111 implements a card settlement function 61 on the card side by being executed by the processor 4, for example.

The software 112 implements the point card function 62 on the card side by being executed by the processor 4, for example.

The software 113 implements the car key function 63 on the card side by being executed by the processor 4, for example.

The control unit 41 is implemented by the processor 4 executing the control software 10 .

When the multifunction card 1 is set, the control unit 41 receives the software 111 to 11K, the software ID, the user ID indicating the biometric authentication candidate (target) user, the biometric data 71 to 11K from the card writer 8A via the communication unit 3. 7N, receives the user ID indicating the user corresponding to the biometric data 71 to 7N. Then, control unit 41 associates the received software with the software ID and stores them in memory 5B. The control unit 41 updates the setting information 12 by associating the received software ID with the user ID indicating the user of the biometric authentication candidate. The control unit 41 associates the received biometric data 71 to 7N with the corresponding user ID and stores them in the memory 5B.

The control software 10 may be included in the OS, for example. As a more specific example, the control software 10 may be included in a multi-application OS or a general-purpose OS called a virtual machine. However, the control software 10 may be software that operates under the control of the OS instead of being included in the OS.

Based on the command received via the communication section 3, the control section 41 determines which software among the plurality of software 111 to 11K is to be executed.

Based on the setting information 12, the control unit 41 determines whether or not the determined software requires biometric authentication.

The control unit 41 executes the determined software when the determined software does not require biometric authentication.

If the determined software requires biometric authentication, the control unit 41 continues until an authentication result indicating successful authentication is received, or until the determined software is set as a biometric authentication candidate in the setting information 12 . The biometric data are sequentially transmitted to the biometric authentication device 9 via the communication unit 3 until the biometric authentication for all biometric data is completed. Then, the control unit 41 receives the authentication result from the card reader/writer 9A provided in the biometric authentication device 9 via the communication unit 3 .

When the received authentication result indicates successful authentication, the control unit 41 executes the determined software, and sends the time information, the software ID indicating the determined software, and the authentication indicating that the biometric authentication was successful. The history information 13 in the memory 5B is updated by associating the result with the user ID indicating the user whose biometric authentication was successful.

The control unit 41 completes the biometric authentication for all the biometric data set as biometric authentication candidates for the determined software in the setting information 12, and performs the received authentication for the biometric data of all the biometric authentication candidates. When the result indicates authentication failure, the time information, the software ID indicating the determined software, and the authentication result indicating that the biometric authentication was unsuccessful are associated to update the history information 13 in the memory 5B.

When biometric authentication for all biometric data set as biometric authentication candidates for the determined software in the setting information 12 is completed and all of the received authentication results indicate authentication failure, the control unit 41 , various data in the memory 5B of the multi-function card 1 may be made unreadable, thereby protecting the multi-function card 1. FIG.

Based on the setting information 12, the control unit 41 may change the multifunction card 1 from the usable state to the disabled state in the application based on the software for which the biometric authentication has been determined to be unsuccessful. Alternatively, based on the setting information 12, if there is one or more pieces of software for which biometric authentication has failed, the control unit 41 changes all the functions of the multifunction card 1 from the enabled state to the disabled state. can be changed to

FIG. 2 is a block diagram illustrating a plurality of functions provided in the multifunction card 1 according to this embodiment.

The multifunction card 1 stores software 111 to 11K for realizing the card settlement function 61, the point card function 62, the car key function 63, the driver's license function 64, etc., as described above. Software 111-11K includes the data required to implement the corresponding functions.

The multifunction card 1 also stores biometric data 71 . The biometric data 71 may be shared by multiple functions.

For example, a biometric authentication device 9 such as a card payment terminal including a biosensor 9B receives biometric data 71 from the multifunctional card 1, compares the biometric data 71 with the biometric data acquired by the biosensor 9B, The authentication result is sent to the multifunction card 1.

The multifunction card 1 transmits data corresponding to the function to the biometrics authentication device 9 when the biometrics authentication is successful.

FIG. 3 is a data structure diagram showing an example of the setting information 12 according to this embodiment.

The setting information 12 associates a software ID indicating software installed in the multifunction card 1 with a user ID indicating a user who is permitted to use the software when biometric authentication is successful. For example, if no user ID is associated with the software ID in the setting information 12, it indicates that the software indicated by the software ID can be used by anyone and does not require biometric authentication.

FIG. 4 is a data structure diagram showing an example of the history information 13 according to this embodiment.

The history information 13 associates the time information when the command was received, the software ID indicating the software corresponding to the command, the biometric authentication result, and the user ID indicating the authenticated user when the biometric authentication was successful. ing.

FIG. 5 is a flowchart showing an example of setting processing of the multifunction card 1 according to this embodiment.

In step S1, the communication unit 3 receives, from the card reader 8A of the information processing device 8, software, a software ID, a user ID indicating a user who is a candidate for biometric authentication, and biometric data of the user who is a candidate for biometric authentication. The software, information, and data received in step S1 may be received in multiple batches.

In step S2, control unit 41 associates the received software with the software ID and stores them in memory 5B.

In step S3, the control unit 41 updates the setting information 12 by associating the received software ID with the user ID indicating the user of the biometric authentication candidate.

In step S4, the control unit 41 associates the received biometric data with the user ID and stores them in the memory 5B.

Note that the order of steps S2 to S4 may be freely changed, or may be performed at the same time.

FIG. 6 is a flowchart showing an example of processing for using the multifunction card 1 according to this embodiment.

At step T1, the communication section 3 receives a command from the card reader/writer 9A of the biometric device 9. FIG.

At step T2, the control unit 41 determines whether or not biometric authentication is necessary. Specifically, the control unit 41 determines whether or not the software ID indicated by the command is associated with the user ID in the setting information 41 .

If biometric authentication is not required, the process moves to step T8A.

If biometric authentication is required, in step T3, the control unit 41 reads the biometric data of the biometric authentication candidate from the memory 5B. Specifically, the control unit 41 selects the user ID associated with the software ID indicated by the command in the setting information 12, and retrieves the biometric data associated with the selected user ID from the memory 5B. read out.

At step T<b>4 , the communication unit 3 transmits the read biometric data to the biometric authentication device 9 .

At step T<b>5 , the communication unit 3 receives the biometric authentication result from the biometric authentication device 9 .

At step T6, the control unit 41 determines whether the biometric authentication result is successful or unsuccessful.

If the biometric authentication result is successful, the process moves to step T8B.

If the biometric authentication result is a failure, in step T7, the control unit 41 determines whether or not biometric authentication has been performed for all the biometric data of the biometric authentication candidates. Specifically, in the setting information 12, the control unit 41 sets the user ID associated with the software ID indicated by the command as the biometric authentication candidate user ID, and sets the user ID associated with the biometric authentication candidate user ID. The biometric data is biometric data of biometric authentication candidates, and it is determined whether or not biometric authentication has been performed for all the biometric data of biometric authentication candidates.

If biometric authentication has been performed on biometric data of all biometric authentication candidates but the biometric authentication result is not successful, the process proceeds to step T8C.

If biometric authentication has not been executed for all the biometric data of biometric authentication candidates, the process returns to step T3, and the same process is executed for the biometric data of the next biometric authentication candidate.

If it is determined in step T2 that biometric authentication is unnecessary, in step T8A, the control section 41 stores the time information and the software ID indicated by the command in the history information 13 in association with each other.

Then, in step T9A, the control unit 41 executes software associated with the software ID indicated by the command, and transmits data used by an external device via the communication unit 3. FIG. As a result, the multifunctional card 1 can be used for applications that do not require biometric authentication.

If the biometric authentication is successful in step T6, the control unit 41 stores the time information, the software ID, the authentication result indicating that the biometric authentication was successful, and the authenticated user ID in the history information 13 in step T8B. Store in association.

Then, in step T9B, the control section 41 executes the software associated with the software ID indicated by the command, and transmits data used by the external device via the communication section 3, as in step T9A. For example, if the command is a payment command, the control unit 41 executes the card payment function 61 and sends the user ID indicating the user whose biometric authentication has succeeded, Data for settlement including card number, expiration date, name, address, telephone number, etc. corresponding to the person ID is transmitted.

If biometric authentication has been performed for all biometric data of biometric authentication candidates in step T7, but the biometric authentication result is not successful, in step T8C, the control unit 41 adds time information, software ID , and stores an authentication result indicating that the biometric authentication is unsuccessful. After step T8C, the process ends.

In the present embodiment described above, the multifunction card 1 containing the biometric data 71-7N can be used for various purposes, functions, applications, or services. The biometric data 71 to 7N can be used not only for the card payment function 61 but also for other functions for biometric authentication.

In this embodiment, it is possible to set whether or not to perform biometric authentication according to the purpose, function, application, or service of the multifunction card 1 .

In this embodiment, by using the setting information 12, when biometric authentication is successful for at least one specific user, various operations such as transmission of data from the multifunctional card 1 to the biometric authentication device 9, for example, can be performed. can provide services.

In this embodiment, the usage history of the multifunction card 1 can be managed based on the history information 13, and unauthorized use can be suppressed.

In this embodiment, the functions of a plurality of cards can be integrated into a single multifunctional card 1, which can reduce the user's burden of card management and increase the user's convenience. , it is possible to prevent unauthorized use by the user.

In this embodiment, for example, when the multifunctional card 1 is used for card settlement, only one user can use it, and when the multifunctional card 1 is used as a car key, for example, it is shared by a plurality of users. can be made possible.

In this embodiment, for example, by using biometric data instead of passwords, the user can relieve the burden of managing and changing passwords.

In the present embodiment, when biometric authentication fails, the card is prohibited from being used with respect to the function for which biometric authentication has been determined to have failed or all functions of the multifunctional card 1, thereby increasing the security of the multifunctional card 1. can increase

[Second embodiment]
An embodiment of a card payment terminal according to a second embodiment will be described below with reference to the drawings.

In this embodiment, a credit card is used as an example for storing biometric data used for biometric authentication. However, as a card storing biometric data, various cards such as a debit card and an electronic money card may be used as long as they are used for payment. For example, the card storing biometric data used for biometric authentication may be the multifunctional card 1 according to the first embodiment.

FIG. 7 is a block diagram showing an example of the configuration of a card settlement terminal and peripheral devices according to this embodiment.

In this embodiment, the card C of the user U includes a card-shaped card body C1 and an integrated circuit T provided in the card body C1. The integrated circuit T includes, for example, a card number 201 that is an example of a card ID, an expiration date 202, a name 203 that is an example of a user ID, an authentication failure flag 204 that is an example of a biometric authentication result, biometric data 205, and the like. Store data D. The card data D is already stored in the card C when the card is issued, for example. As the biometric data 205, for example, a fingerprint pattern, an iris pattern, a vein pattern, etc. are used in the same manner as the biometric data 71 to 7N described above, and are compared with the biometric data 206 of the user U acquired at the time of payment in biometric authentication. be. In addition, biometric data 205 and name 203 can include data of multiple contractors so that one card can be used by multiple contractors. A method of identifying the user will be described later.

The card settlement terminal 200 includes a signature input device 207 , a biometric data acquisition device 208 that is an example of the biosensor 9B, and a card terminal 209 . The card terminal 209 includes a card data read/write device 210, which is an example of the card reader/writer 9A, a payment acceptance device 211, a processing device 212, which is an example of the collation unit 9C, and a communication device 213.

The card data reader/writer 210 reads the card data D stored in the card C of the user U and sends the card data D to the processor 212 . Further, the card data read/write device 210 can rewrite the card data D stored in the card C according to instructions from the processing device 212 .

Furthermore, the card data read/write device 210 can read the card data D1 stored in the magnetic storage medium T1 provided in the card C. FIG. For example, card data D1 includes information on at least one of a user ID and a card ID.

The payment acceptance device 211 accepts the payment amount and payment method (for example, lump-sum payment, payment in installments), etc. based on the operation of the member store clerk, for example, and sends the payment amount and payment method to the processing device 212 .

The signature input device 207 acquires the signature data 214 at the time of card settlement of the user U, and sends the signature data 214 to the processing device 212 of the card terminal 209 . Note that the signature input device 207 may be any device that allows the user U to input a handwritten signature and send it to the processing device 212 as electronic data. For example, the signature input device 207 may be a device capable of electronically signing with a touch pen, or may be a device such as a scanner or a camera that digitizes the user U's signature on a paper medium.

Further, the signature input device 207 can acquire the signature D3 of the user U written in the signature area A on the back surface of the card C as electronic data (signature data 227 on the card C). As for the method of reading the signature D3, for example, the user U may scan the card C using a scanner or a camera provided in the signature input device 207 .

The signature input device 207 sends signature data 227 on card C to the processing device 212 .

The biometric data acquisition device 208 acquires the biometric data 206 of the user U at the time of card payment as electronic data, and sends the biometric data 206 to the processing device 212 of the card terminal 209 .

In addition, in this embodiment, the signature input device 207 and the biometric data acquisition device 208 do not need to be separate devices, and may be implemented as one device. In this case, the data sent to the processing device 212 may not be distinguished whether it is biometric data or signature data.

The processing device 212 automatically determines whether or not the biometric data acquisition device 208 has read the biometric data 206 of the user U at the time of payment, and whether or not the signature input device 207 has read the signature data 214 of the user U. discriminate.

The processing device 212 creates payment data 215 and sends the payment data 215 to the communication device 213 . The payment data 215 will be described later with reference to FIGS. 8 to 10. FIG.

Processing device 212 controls a series of card authentication processes in card terminal 209 . Details of various authentication processes executed by the processing device 212 will be described later with reference to FIG. 12 .

If the biometric data acquisition device 208 does not acquire the biometric data 206, the processing device 212 acquires at least one of the user ID and the card ID read from the magnetic storage medium T1 of the card C, and the signature data 214. , and the payment amount may be associated with each other and stored in the database DB.

Communication device 213 transmits payment data 215 to acquirer server 216 via a network. Payment data 215 is then transmitted, for example, from the acquirer's server 216 to the card brand's server 217 and from the card brand's server 217 to the issuer's server 218 . For example, the communication device 213 transmits the payment data 215 to the issuer's server. Note that the communication device 213 may transmit the payment data 215 to the issuer server 218 via one of the acquirer server 216 and the card brand server 217 .

The communication device 213 also receives credit result data 219 from the issuer server 218 via the card brand server 217 and the acquirer 216 and sends the received credit result data 219 to the processing device 212 . For example, the issuer server 218 transmits the credit result data 219 to the card payment terminal 200 as a destination. The issuer server 218 may transmit the credit result data 219 to the card settlement terminal 200 via either the acquirer server 216 or the card brand server 217 . Based on the credit result data 219, the processing device 212 determines whether the payment has been completed or failed. Details of the credit result data 219 will be described later with reference to FIG.

The database DB is included in, for example, a terminal installed at a member store, and stores data used by the member store in past transactions with customers. For example, this data is stored with a transaction ID 220 for each transaction with a customer, including a customer ID 221, transaction data 222 including item names and amounts, shipping data 223 including item shipping destinations and dates and times, and card data. and payment/authentication data 224 including information about the payment amount and the like. The payment/authentication data 224 includes card information 225, payment amount 226, and in the case of biometric authentication, an authenticated person (authenticated user) ID 228. FIG.

The card information 225 stores information required by the member store, among the data included in the card data D acquired by the card data read/write device 210 .

The settlement/authentication data 224 includes the same contents as the settlement data 215 transmitted from the card terminal 209 to the server 216 except for the ID 228 of the person to be authenticated, but the two do not have to match each other. Also, the transaction data 222, the shipping data 223, and the settlement/authentication data 224 may contain other information different from the information described above.

The database DB is connected to the card terminal 209, and can transmit and receive data to and from the card terminal 209 via a database interface provided in the processing device 212 of the card terminal 209, for example.

FIG. 8 is a data structure diagram showing a first example of the payment data 215 according to this embodiment. The payment data 215 a is created when communication is performed between the card terminal 209 and the server 216 . The payment data 215a is based on the payment data 215a in FIG. 8, but may be either the payment data 215b in FIG. 9 or the payment data 215c in FIG. 10 depending on the situation.

The payment data 215a includes card number 201, expiration date 202, name 203, payment amount 226, payment method 229, merchant information 230, etc., but may include other information.

The member store information 230 includes information identifying the member store, such as the name, address, or type of business of the member store.

FIG. 9 is a data structure diagram showing a second example of the payment data 215 according to this embodiment.

If the acquisition of the biometric data 206 of the user U is completed but the card data D does not contain the biometric data 205, the card terminal 209 performs the payment in order to execute biometric authentication on one of the servers 216 to 218. Payment data 215 b is created by adding biometric data 206 to data 215 a , and payment data 5 b is transmitted to server 216 .

When server 216 or server 217 receives payment data 215b, server 216 or server 217 determines whether biometric data for matching with biometric data 206 is stored. When the server 216 or the server 217 stores biometric data for matching with the biometric data 206, the server 216 or the server 217 stores biometric data based on the biometric data 215b included in the payment data 215b and the stored biometric data. perform matching. If server 216 or server 217 does not store biometric data to match with biometric data 206 , server 216 or server 217 transmits payment data 215 b to server 217 or server 218 .

FIG. 10 is a data structure diagram showing a third example of the payment data 215 according to this embodiment.

The card terminal 209, the server 216, or the server 217 receives the biometric data 205 stored in the card C, the biometric data stored in the server 216, or the biometric data stored in the server 217 and the biometric data 206. , and if the biometric authentication is successful, payment data 215c including an authentication success notification 231 is created instead of the biometric data 206 of the payment data 215b of FIG. The card terminal 209 , the server 216 or the server 217 then transmits the payment data 215 c to the server 216 , the server 217 or the server 218 .

The authentication success notification 231 includes an authentication executor ID 232 that identifies a person who has performed biometric authentication, and an authenticated person ID 233 that identifies a person who has been biometrically authenticated.

When biometric authentication is successful in the processing device 212, the authentication executor ID 232 may be, for example, the ID of the member store that uses the card settlement terminal 200, the ID of the card settlement terminal 200, account information of the member store, or the like.

When the biometric authentication is successful at the server 216 or the server 217 , the authentication executor ID 232 may be, for example, an acquirer ID that manages/operates the server 216 or a card brand ID that manages/operates the server 217 .

The authenticated person ID 233 may be, for example, a unique ID or a name as long as the authenticated person can be specified.

If the biometric authentication by matching the biometric data 206 and the biometric data 205 fails at the card payment terminal 200, the payment is not established at this point, and communication with the server 216, server 217, or server 218 is unnecessary. Yes, and payment data 215 may not be created.

FIG. 11 is a diagram showing an example of the credit result data 219 according to this embodiment.

Credit result data 219 includes credit result 234 and biometric authentication execution flag 235 . The credit result data 219 further includes a person-to-be-authenticated ID 236 when biometric authentication is executed and the biometric authentication is successful.

The credit result 234 indicates whether the credit result is OK or NG, and may be represented by a 1-bit flag, for example.

The biometric authentication execution flag 235 indicates whether or not biometric authentication has been performed, and may be represented by a 1-bit flag, for example.

The authenticated person ID 236 indicates which authenticated person the credit result data 219 corresponds to. Further, it is possible to associate which settlement data 215 the credit result data 219 corresponds to by the authenticated person ID 236 .

FIG. 12 is a flow chart illustrating the processing of the card payment terminal 200. As shown in FIG.

In step S1201, the power of the card payment terminal 200 is turned on at the member store, and the biometric data acquisition device 208, signature input device 207 and card terminal 209 wait for input.

In step S<b>1202 , the card terminal 209 executes payment acceptance processing using the payment acceptance device 211 . For example, in the payment acceptance process, the payment amount and payment method for the product or service are accepted.

In step S1203, the card terminal 209 uses the card data reading/writing device 210 to execute card data reading processing. For example, in the card data reading process, the data storage area for the card data D is initialized and the card data D is read. When the card data D is read, the card data D is stored in the card data D data storage area. If the reading of the card data D fails a predetermined number of times, for example three times, an error is displayed.

In step S<b>1204 , card terminal 209 uses signature input device 207 or biometric data acquisition device 208 to acquire signature data 214 or biometric data 206 . For example, the data storage area reserved for signature data 214 or biometric data 206 is initialized, and the acquired data is stored in the data storage area.

In step S1205, the card terminal 209 automatically determines whether the acquired data is signature data or biometric data. The discrimination process may be performed, for example, by recognizing features or patterns of each data. For example, in the case of fingerprint data, the acquired data is image data, and is characterized by the presence of many layered lines on the image. For example, in the case of finger vein data, two-dimensional data relating to time and amplitude are acquired, and the amplitude has the characteristic of showing pulsations at regular intervals. For example, in the case of signature data, the obtained data is image data, and is characterized by linear characters or graphics.

If it is determined in step S1205 that the acquired data is signature data, the card terminal 209 performs signature data collation processing in step S1206. Details of the signature data matching process will be described later with reference to FIG.

If it is determined in step S1205 that the acquired data is biometric data, card terminal 209 performs biometric authentication processing in step S1207.

In step S 1208 , card terminal 209 creates payment data 215 , transmits payment data 215 to server 216 , and receives credit result data 219 from server 216 . If the credit result data 219 determines that the settlement is unsuccessful, the transaction is canceled.

When biometric authentication is performed in step S1207, the card terminal 209 checks whether the biometric data 205 is included in the card data D that has already been acquired.

If the biometric data 205 is not included in the card data D, biometric authentication cannot be performed at the card terminal 209 . In this case, after sending the payment data 215b including the biometric data 206 acquired by the biometric data acquisition device 208 to the server 216 in the above step S1208, any one of the servers 216 to 218 can send the biometric data 215b to the server 216 as described above. Authentication is performed.

If card data D contains biometric data 205, card terminal 209 executes biometric authentication. If the biometric authentication at the card terminal 209 fails, the settlement is not established at this point. Therefore, in this case, it is not necessary to create the payment data 215, transmit the payment data 215 to the server 216, and receive the credit result data 219 from the server 216 in step S1208.

When the biometric data 205 stored in the card data D is for a plurality of persons, the card terminal 209 or one of the servers 216 to 218 checks the biometric data 206 acquired by the biometric data acquisition device 208. The biometric data of the biometric data for the plurality of people are matched in order until the biometric data for the plurality of people are matched until the matching is completed or until the matching is executed for all of the biometric data for the plurality of people. When the verification is completed, the card terminal 209 or one of the servers 216 to 218 obtains the verified person ID.

At step 1209, the card terminal 209 registers the transaction ID 220, transaction data 222, shipping data 223, and settlement/authentication data 224 in the database DB.

If biometric authentication has been performed in step S1207 or step S1208, the card terminal 209 will send the processing device 212 to store the ID of the person to be authenticated in the database DB.

The processing device 212 can determine the biometric authentication result in any one of the servers 216 to 218 based on the credit result data 219 . The processing device 212 determines whether or not biometric authentication has been performed, based on the biometric authentication execution flag 235 included in the credit result data 219 . When the processing device 212 determines that the biometric authentication has been performed, the processing device 212 confirms the presence or absence of the person-to-be-authenticated ID. If there is no ID of the person to be authenticated, it is determined that the biometric authentication has failed, and if there is the ID of the person to be authenticated, it is determined that the biometric authentication has succeeded.

In step 1210, the card terminal 209 notifies the failure of biometric authentication or signature data collation. For example, the card terminal 209 may display or audibly output biometric authentication failure or signature data collation failure from the display or speaker provided in the card settlement terminal 200 .

Moreover, the card terminal 209 may notify the user U using communication means. For example, the mail address of the user U may be registered in the database DB in advance, and the processing device 23 may refer to the mail address in the database DB and send a mail addressed to the user U using the communication device 213 .

When biometric authentication is performed by any one of the servers 216 to 218 and the biometric authentication fails, the user U may be notified by the server on which the biometric authentication has failed.

Further, even when biometric authentication or signature data collation is successful, the card terminal 209 may display or output a message indicating success.

In step 1211 , when the card terminal 209 determines that the biometric authentication has failed, the processor 212 sends an instruction to write the authentication failure flag 204 to the card data read/write device 210 . The card data reader/writer 210 writes the authentication failure flag 204 to the card C.

If biometric authentication fails, there is a high possibility that a third party is using the card fraudulently. Therefore, in this embodiment, the card terminal 209 determines that the card C written with the authentication failure flag 204 cannot be used when it is read by the card terminal 209 next time, thereby enhancing card security.

In step S1212, the card terminal 209 returns to step S1202 in the case of continued use. If it is not used continuously, the card settlement terminal 200 powers off in step S1213.

FIG. 13 is a flowchart illustrating signature data matching processing.

In step S1301, the signature input device 207 reads the signature D3 of the card C, and retains it as the signature data 227 on the card C when the reading is successful.

If the signature input device 207 fails to read the signature D3 (step S1302), it returns to step 1301 and reads the signature data 227 on the card C again. If the reading of the signature D3 fails more than the prescribed number of times (step S1303), the verification of the signature data fails, and the process may end. Determination of failure or success in reading the signature D3 may be performed by automatically determining the signature area A on the card C by image processing or the like, and using whether or not the signature area A is normally acquired as a determination criterion. The processing device 212 may determine whether the reading of the signature data 227 on the card C has failed or succeeded.

In step S1302, if the signature data 227 on the card C is successfully read, the processing device 212 collates the signature data 227 on the card C with the signature data 214 input by the user U (step S1304).

If it is determined that the signature data 227 on the card C and the signature data 214 input by the user U are similar to each other, and if the verification is successful, the verification process is completed. If it is determined that the signature data 227 on the card C and the signature data 214 input by the user U are dissimilar, or if the signature data 227 on the card C could not be obtained in step S1302, collation fails. In step S1210 described above, the user is notified.

It is preferable that the signature data matching process is automatically performed by image matching technology such as pattern matching. method.

In a card storing biometric data of a plurality of persons, that is, a card that can be used by a plurality of persons, the signature data changes each time when a plurality of persons use the card for signature input. For this reason, only one specific person out of a plurality of persons may be permitted to enter a signature. Also, a card that can be used by more than one person may not be able to use the signature input. For example, in the case of a card that can be used by multiple people, the transaction may be stopped when it is determined that the acquired data is signature data in step S1205 of FIG. may be notified of the impossibility of transaction, or the user U may be notified or warned.

If it is possible to store the signature data in the card in the same manner as the biometric data, even when the signature data is entered, authentication can be performed in the same manner as biometric data authentication, which will be described later. Signature verification is applicable even to cards that can be used by

In the present embodiment, the card payment terminal 200 has been described as being installed in a member store of a card payment service. Other devices that can acquire the data D may be used. For example, the card payment terminal 200 may be an information processing device having a biometric data acquisition function, a card data reading function, a payment acceptance function, a biometric authentication function, and a communication function. Each function of the information processing apparatus may be realized by software, by hardware, or by cooperation between software and hardware. Hardware necessary for realizing each function of the information processing device may be built in the information processing device or may be externally attached to the information processing device. The purchase of a product or service according to this embodiment may be made at a store, or may be made at an electronic commerce site or service providing site on a network. As the information processing device, for example, a mobile phone, a personal computer, a tablet computer, etc. are used.

In this embodiment, the data stored in the database DB has been described as data for each customer, but the data stored may be data for each transaction. In this case, it is also necessary to store information identifying the customer, such as the customer's name or customer ID, for each transaction.

In the present embodiment, the case where the data acquired from the user U at the time of card payment is only signature data or biometric data has been described as an example. It may be selectable.

In the flowcharts of FIGS. 12 and 13, the order of steps may be changed as appropriate within a range that does not affect the processing results.

In this embodiment, the payment data 215, 215a-215c may be divided into multiple pieces.

The effects of this embodiment will be specifically described below.

In this embodiment, the card payment terminal 200 supports multiple card authentication methods. For example, it automatically determines whether the data acquired from the user U is signature data or biometric data. As a result, the member store clerk who operates the payment terminal 209 can automatically proceed with the card payment process without being aware of the type of data to be acquired. can be improved.

Also, as shown in the first embodiment, it is assumed that one card is used by a plurality of people. In the present embodiment, when biometric authentication is performed by the card terminal 209 or one of the servers 216 to 218, and if there are multiple pieces of biometric data 205 included in the card data D, the biometric data 205 is compared with the acquired data. Verification is performed on each biometric data in turn until completed. When the collation is completed, the collation result is stored in the database DB. This makes it possible to identify the person who used the card even if the card is shared and used by a plurality of people. Furthermore, when authentication fails, the user is notified and the card is disabled by writing authentication failure information to the card, thereby preventing fraudulent use of card payments.

In addition, if Card C is used illegally by a third party, it is unlikely that biometric authentication will succeed in authentication by using the card by someone other than the contractor, but in the case of other PIN authentication or signature input, If so, there is a possibility that the card may be used fraudulently by someone other than the person himself/herself. Or, even if the card is not used illegally, there is a possibility that the card is used unintentionally by the person due to fraud or the like. In this embodiment, when the card payment terminal 200 acquires the signature data 214 from the user U, the card settlement terminal 200 compares whether the signature data 214 and the signature data 227 on the card C are similar to each other. 214 validity. Furthermore, when the collation fails, by notifying the user U to that effect, the fraudulent use of the card C is notified. Thereby, even when signature authentication is performed, the security of the card C can be enhanced.

In the present embodiment, the signature input device 207 reads the signature data 227 on the card C when the card settlement terminal 200 verifies the signature data. However, if the card data reader/writer 210 has a function to read the signature data 227 on the card C, the card data reader/writer 210 may read the signature data 227 on the card C.

In this embodiment, data relating to card settlement is stored in the database DB. As a result, the store does not need to manage paper-medium card settlement documents signed by customers face-to-face for a long period of time, and can greatly reduce store management costs and labor.

[Third Embodiment]
In the third embodiment, a card payment system is configured using the card payment terminal 200 and server 218 shown in the second embodiment. The purpose of this card payment system is to provide security services to prevent unintended card payments for users such as the elderly, disabled, and minors.

The third embodiment can also be applied when using the multifunctional card 1 described in the first embodiment.

An embodiment of a card payment system according to a third embodiment will be described below with reference to the drawings.

FIG. 14 is a block diagram showing an example of the configuration of the card payment system according to this embodiment. In this embodiment, in addition to the card payment terminal 200 and server 218 shown in the second embodiment, a card payment system 300 is configured that further includes an operator 301 and a database 302 connected to the server 218 . The server 218 is described below as being the issuer's server 218 , but may also be the acquirer's server 216 or the card brand's server 217 .

The settlement data 215 and the credit result data 219 are used for communication between the card settlement terminal 200 and the server 218, and their operations and configurations are as described in the second embodiment.

Server 218 is capable of reading and writing data stored in database 302 .

The database 302 contains user U's personal information 302a necessary for card payment, abnormal pattern information 302b indicating patterns of past abnormal payment data, and arbitrary data included in the payment data 215 used for user U's past card payment. store the information of

The operator 301 is an interface used by the user U to set personal information 302a in the database 302. For example, the operator 301 may be an issuer-side telephone operator acting as a proxy for the setting, or may be an issuer's server 218. may be a registration form dedicated to user U provided in .

The operator 301 may be included in the server 218, or the operator 301 may be omitted if the user U has means for directly accessing the database 302. FIG.

FIG. 15 is a flow chart illustrating setting processing of the personal information 302a according to this embodiment.

The user U registers personal information (card usage condition information) 302a, such as the credit limit for card payment and the payment area, in the database 302 in advance. It becomes possible to determine whether or not the payment is made by card using the registered personal information 302a.

The user U requests the operator 301 to set the personal information 302a such as the number of card payments used, the limit of use, or the settlement area (step S1501). The purpose of setting settlement areas is to prevent card usage outside the living area. For example, charging companies for fraudulent billing, consumer damage, fraud damage, etc. (hereinafter referred to as fraud damage, etc.) tend to be concentrated in some areas. Therefore, monitoring settlement areas is effective in preventing fraud damage and the like.

Note that the user U may request the operator 301 to set additional personal information 302a as necessary.

When the operator 301 receives the user U's request for setting the personal information 302a, the operator 301 transmits a user information setting command to the server 218 (step S1502).

When the server 218 receives the user information setting command from the operator 301, the server 218 sets the user information in the database 302 (step S1503).

FIG. 16 is a flowchart illustrating processing in the security service according to this embodiment. It is assumed that user U's personal information 302a is set in the database 302 according to the procedure shown in FIG.

When the user U purchases goods or services by card payment using the card payment terminal 200 installed in the member store (step S1601), the card payment terminal 200 creates payment data 215, 215 to the server 218 (step S1602).

The server 218 refers to the number of times of use, which is the personal information 302a of the user U set in the database 302, and compares it with the actual number of times of use of the user U obtained by searching the inside of the database 302 (step S1603). If the number of times user U has used the card exceeds the set number of times, the server 218 determines that the card cannot be used, that is, the credit result is NG, and the process proceeds to step S1608. Otherwise, the process moves to step S1604.

The server 218 refers to the payment area, which is the user U's personal information 302a set in the database 302, and compares it with the address of the member store information 230 included in the payment data 215 (step S1604).

If the address of the member store information 230 is not included in the settlement area set in the database 302, the server 218 determines whether there is a suspicion of fraud or the like (step S1605). For example, if payment data such as past fraud damage is stored in the database 302, the payment data such as past fraud damage is read out as the abnormal pattern information 302b, and the member store information 230 and the payment amount 226 of the payment data 215 are read. You may determine whether there is suspicion of fraud damage etc. by comparing with. Further, for example, the payment amount 226 may be compared with the usage limit set in the database 302 by the user U, and if the payment amount 226 is higher than a certain standard, it may be determined that there is a suspicion of fraud damage. .

If it is determined in step S1605 that there is no suspicion of fraud damage or the like, the process proceeds to step S1608. If it is determined that there is a suspicion of fraud damage or the like, the server 218 confirms the safety of the user (step S1606). The user U receives the safety confirmation service (step S1607). The method of receiving the safety confirmation service may be automatic voice contact to the contact information set in advance by the user in the database 302, automatic mail transmission, or contact by other means. Furthermore, if the safety confirmation cannot be taken, the server 218 sends automatic voice contact, automatic mail transmission, or other You may contact us by any means.

In step S 1608 , the server 218 creates credit result data 7 indicating that the credit result is NG, and transmits it to the card settlement terminal 200 . If it is determined in step S1605 that there is fraud damage, etc., the information related to the transaction in the payment data 215, that is, the payment amount 226, the member store information 230, and other necessary information are stored in the database 302. memorize to The card payment terminal 200 receives the credit result NG data, and the payment is not established (step S1609).

In step S1604, if the server 218 determines that the address of the member store information 230 is within the payment area set in the database 302, the server 218 adds up the payment amount 226 of the user U in the current payment data 215. In addition, the cumulative amount of payments made by the user U over a certain past period stored in the database 302 is compared with the usage limit set in the database 302 by the user U (step S1610). If the accumulated amount is within the credit limit, the credit result is determined to be OK, and the process proceeds to step S1615. If the accumulated amount is not within the usage limit, the server 218 confirms with the user U whether to cancel the usage limit (step S1611).

When the user U receives the notification of the cancellation of the usage limit, the user U requests the operator 301 to set whether or not to cancel the usage limit (step S1612).

In step S1613, when the operator 301 receives a setting request from the user U to cancel the usage limit limit and determines that the usage limit for the user U can be set to exceed the payment amount 226, The server 218 is instructed to cancel the usage limit limit of the user U. If the operator 301 does not receive a setting request for canceling the credit limit limit, or if the credit limit cannot be set to exceed the payment amount 226, the operator 301 determines that the credit is NG, and sends the server 218 the above information. is instructed to move to the processing of step S1608.

When the server 218 receives the instruction to cancel the usage limit limit from the operator 301, the usage limit for the user U is set to an amount that can be set and exceeds the payment amount 226 (step S1614).

In step S 1615 , server 218 creates credit result data 219 indicating that the credit result is OK, and transmits it to card settlement terminal 200 . In addition, among the payment data 215, the information identifying the transaction by user U and the amount, that is, the card number 201, the name 203, the payment amount 226, the payment method, and other necessary information are stored in the database 302. Remember. The card payment terminal 200 receives the credit result OK data, and the payment is completed (step S1616).

In this embodiment, personal information 302a such as the number of times of use, limit amount, and settlement area is set in the database 302, and in the server 218, the personal information 302a stored in the database 302 or the past card settlement information and the current By comparing and collating with the payment data 215 to determine whether or not the credit can be granted, it is possible to prevent unintended use of the card by the user U and card damage such as fraud damage.

In the present embodiment, the number of times the card is used may be set for each user on a monthly basis or a daily basis. In addition, the usage limit of conventional general credit cards can be set only for the entire usage limit, and the usage limit for debit cards or cash cards is the entire bank account balance, but in this embodiment, The credit limit may be finely set according to the purpose of use of the card. For example, it may be possible to set cash refund up to 20,000 yen up to once a day, transfer up to 30,000 yen up to twice a day, and normal shopping up to 10,000 yen up to 3 times a day.

In this embodiment, the user U's personal information 302a such as the number of uses, limit amount, and settlement area set in the database 302 is based on the server 218's patternization of user's U's card usage details, or the server 218 sets the user's personal information 302a. The server 218 may set automatically by scoring based on the number of times U's card is used, intervals of use, stores used, purpose of use, credit balance, and the like.

In the flow chart of FIG. 16, the sequence of steps is within the range where the current payment data 215 can be compared with the personal information 302a or past card payment information stored in the database 302 of the server 218, for example. If so, it may be changed as appropriate, or a plurality of steps may be collectively performed by one processing module.

In the present embodiment, when the user U tries to settle an amount exceeding the credit limit set in advance, the server 218 asks the user U to confirm that the credit limit has been lifted. As a result, it is possible to prohibit cancellation of the usage limit by someone other than the user U, and to prevent unintentional expensive card payment by the user U.

Furthermore, in this embodiment, when it is determined that there is a suspicion of fraud damage, etc., the safety of the person is confirmed, thereby strengthening the protection of the user U, such as the elderly, the disabled, and minors. can.

Each of the embodiments described above are examples and are not intended to limit the scope of the invention. Each of the above-described embodiments can be implemented in various other forms, and various omissions, replacements, and modifications can be made without departing from the scope of the invention. Each of the above-described embodiments and modifications thereof are included in the scope and spirit of the invention, as well as in the scope of the invention described in the claims and equivalents thereof.

DESCRIPTION OF SYMBOLS 1...Multifunctional card 1A...Card body 2...Integrated circuit 3...Communication unit 3A...Antenna circuit 4...Processor 5A, 5B, 5C...Memory 8...Information processing device 8A...Card writer 9 Biometric authentication device 9A Card reader/writer 9B Biosensor 9C Verification unit 10 Control software 12 Setting information 13 History information 41 Control unit 61 Card settlement function 71-7N... biometric data, 111-11K... software.

Claims (1)

comprising a memory and a processor;
The memory stores first biometric data of a first user who can use a first function for payment, first user identification information indicating the first user, and the first second biometric data of a second user who can use a second function different from the function and is different from the first user; second user identification information indicating the second user; storing historical information about the first function and the second function;
The processor
When the first user uses the first function, the first biometric data is wirelessly transmitted to a first external device, and based on the first biometric data from the first external device receiving the first result data of the first biometric authentication wirelessly, and adding the first user identification information, the first identification information indicating the first function, and the first identification information to the history information; adding first information that associates the result data with the first time information;
When the second user uses the second function, the second biometric data is wirelessly transmitted to the first external device or a second external device different from the first external device. , wirelessly receives second result data of second biometric authentication based on the second biometric data from the first external device or the second external device, and includes the second usage in the history information adding second information that associates person identification information, second identification information indicating the second function, the second result data, and second time information;
integrated circuit.

Images