JPH10154192A - Electronic money system and recording medium - Google Patents

Abstract

PROBLEM TO BE SOLVED: To effectively prevent the forgery, etc., of money data and also to easily detect an illegal transaction. SOLUTION: In an electronic money system in which electronic money is transacted by using an electronic money card 19 that stores electronic money having a money value, what is provided with an IC part 20 and an optical storing part 21 is used as the card 19. The part 20 records information which specifies the card 19, the balance, information that accesses the part 21, etc., and the part 21 records the entire history of electronic money transactions which are performed by using the electronic money card. The transaction history is also registered in a computer of an electronic money transaction system. The occurrence place of illegality, the amount of a sum, etc., are detected by tracking the transaction history.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to an electronic money system for trading electronic money as financial information.

[0002]

2. Description of the Related Art An electronic money system which enables electronic settlement using monetary data having a monetary value is disclosed, for example, in Japanese Patent Publication No. 7-111723.

[0003]

In an electronic money system, it is necessary to effectively prevent use by unauthorized persons, copying of financial data, forgery, and the like. Further, when the use of forged financial data is found, it is desirable that the distribution channel can be traced to find the source of fraud or forgery. However, an electronic money system satisfying such a demand has not yet been proposed.

[0004] The present invention has been made in view of the above situation, and has as its object to provide an electronic money system capable of effectively preventing forgery or the like of money data. Another object of the present invention is to provide an electronic money system that easily detects unauthorized transactions and has excellent traceability.

[0005]

In order to achieve the above object, an electronic money system according to a first aspect of the present invention includes a write-once storage unit and an IC memory unit, and stores information relating to a monetary value. An electronic money system comprising: an electronic money card; a plurality of terminals for processing the electronic money card; and a computer connected to the plurality of terminals via a communication line. And transaction history information including a transaction identification code for identifying the transaction, and at least one of a transaction amount and a balance.
The C memory unit stores position information indicating the final position of the transaction history information stored in the write-once type storage unit, and the plurality of terminals instructs the electronic money card to store information relating to a monetary value. An input means for inputting the transaction amount and an instruction, and an instruction message transmitting means for transmitting the instruction and the transaction amount and the account specifying information for specifying an account input by the input means to the computer as a charge request message. The computer comprises: means for receiving the charge request message; amount transfer means for moving an amount indicated by a transaction amount from an account specified by account identification information in the received charge request message to a predetermined account; Response message transmission means for transmitting a response message indicating that the transfer of the amount by the amount transfer means has been completed, further comprising: In response to receiving the answer message, according to the position information stored in the IC memory unit comprises means for writing the transaction history information corresponding to the response message to the write-once type storage unit, characterized in that.

According to such a configuration, the electronic money card can be charged with electronic money, and various transactions can be performed using the charged electronic money. Moreover, since the transaction history is recorded in the write-once type storage unit, when an abnormality occurs, by verifying the recorded contents of the write-once type storage unit, it is possible to easily detect an improper act or the like. In addition,
The electronic money card only needs to have the function of the electronic money card as an entity, and its shape is arbitrary such as a box, a disk, a notebook, a notebook, and the like. The account can be any account such as a savings account, a checking account, a loan account, and the like, and the economic basis (whether cash or loan) for generating electronic money is arbitrary.

The write-once type storage unit is constituted by, for example, an optical storage unit in which pits are physically formed by irradiating light energy to which data is written and which cannot be rewritten.

[0008] At least one of the write-once type storage unit and the IC memory unit of the electronic money card stores the account identification information, and the instruction message transmitting means is configured to store the account information stored in the electronic money card. It comprises means for reading the specific information and means for transmitting the read account specifying information. The account specifying information may be the account number itself, or another number corresponding to the account number, for example, a card ID.

The computer determines whether or not the balance of the account specified by the account specifying information is equal to or greater than the transaction amount specified by the charge request message. If the balance is less than the transaction amount, an error message is generated. Means for transmitting to the terminal and stopping the transaction may be provided. With such a configuration, the security of the transaction can be improved.

The transaction history information includes, for each transaction, a transaction type, a transaction date, information specifying the terminal that has processed the transaction, and a transaction amount. By tracking such information, it is possible to determine a fraudulent part or the like. In this case, it is desirable that the write-once type storage unit of the electronic money card store transaction histories of all transactions made with the electronic money card.

[0011] The computer may include transaction history storage means for storing transaction histories of all transactions made with the electronic money card. By matching the transaction history registered in the electronic money card with the transaction history recorded in the computer, fraud and the like can be detected more easily.

The charge request message includes a card identification code for identifying an electronic money card, and the computer stores the card identification code of the electronic money card whose use is not permitted as an unauthorized card ID. An ID storage unit compares the card identification code included in the charge request message with the fraudulent card ID stored in the fraudulent card ID storage unit. If a matching fraudulent card ID is detected, the transaction is stopped. Means may be arranged. According to such a configuration, when a registered accident card or the like is used, it can be detected and the transaction can be stopped.

An unauthorized terminal ID storing means for including the terminal identification code in the charge request message, and storing, in the computer, the terminal identification code of the terminal whose use is not permitted as an unauthorized terminal ID; Comparing the included terminal identification code with the unauthorized terminal ID stored in the unauthorized terminal ID storage means,
If D is detected, means for stopping the transaction may be arranged. According to such a configuration, when a registered accident terminal or the like is used, it can be detected and the transaction can be stopped.

A certificate authority for assigning a personal public key and / or card identification code attached to each electronic money card and determining whether or not these personal public keys and / or card identification codes are registered in the system is provided. May be.

Each IC memory unit has a pair of personal public key and personal secret key, each terminal has a pair of terminal public key and terminal secret key, and the charge request message contains information on transaction and the personal A first authenticator generated by the electronic money card using a secret key, information on the transaction, a second authenticator generated by the terminal using the terminal secret key, the personal public key, A terminal public key, the computer determines whether the first and second authenticators match using the personal public key and the terminal public key, and only when the two match, A process for performing charging may be performed. According to such a configuration, unauthorized use of the electronic money card can be detected more accurately.

[0016] The transaction history stored in the write-once storage unit of the electronic money card may not include information for specifying the electronic money card. According to such a configuration, the capacity of the write-once storage unit can be used effectively.

Whether or not the operator has the authority to use the electronic money system may be determined based on the physical characteristics of the operator.

An electronic money system according to a second aspect of the present invention is an electronic money system for trading electronic money, which is electronic information having a monetary value, wherein the electronic money system includes at least a balance. A plurality of electronic money cards comprising: first storage means for storing information about the electronic money and a card identification code for identifying itself; and second storage means for storing the transaction history of the electronic money. A bank center having a settlement account corresponding to the electronic money card and a terminal identification code for identifying itself are attached, the electronic money card is attached, and an instruction is given to replenish the electronic money of a predetermined amount to itself. Charge request input means for inputting a charge request to be made;
Charge request transmitting means for transmitting the charge request;
An electronic money transaction device comprising: a plurality of electronic money cards; a balance storage unit for storing balances of the plurality of electronic money cards; and, in accordance with the charge request from the electronic money transaction device, another predetermined value from the settlement account corresponding to the electronic money card. Charge instructing means for instructing the bank center to transfer the predetermined amount to an account; means for adding the predetermined amount to the balance of the electronic money card stored in the balance storage means; and storing a transaction history. A computer comprising: a transaction history storage unit; and a transaction completion notification transmitting unit that transmits a transaction completion notification indicating completion of the transaction to the electronic money transaction device. History writing means for writing a transaction history in the second storage means in response to the transaction completion notification; and the first storage means Further comprising the charge request to the stored balance and card balance updating means for adding the predetermined amount to be instructed to, characterized in that.

According to such a configuration, the electronic money card can be charged with the electronic money, and various transactions can be performed using the charged electronic money. Moreover, since the transaction history is recorded in the write-once type storage unit, when an abnormality occurs, by verifying the recorded contents of the write-once type storage unit, it is possible to easily detect an improper act or the like. The settlement account is optional, such as a savings account, a checking account, a loan account, a credit account, etc., and the financial basis for generating electronic money (whether the corresponding amount is debited from the account or loaned) is optional. It is.

[0020] The computer may include a balance (or a lending limit) of the settlement account corresponding to the electronic money card.
Determining whether or not is equal to or more than the predetermined amount indicated by the charge request, if the balance is less than the predetermined amount, means for transmitting an error message to the electronic money transaction device, means for canceling the transaction, May be provided. With such a configuration, the security of the transaction can be improved.

For example, the first of the electronic money card
The storage means is constituted by an IC chip having a memory, and the second storage means is constituted by a non-rewritable storage medium.

[0022] The transaction history may include the card identification code of the electronic money card and the terminal identification code of the electronic money transaction device. According to this configuration, it is possible to identify the card or the terminal in which the fraud has occurred.
Further, information for specifying the electronic money card may be removed from the transaction history recorded on the electronic money card. The transaction history registered in each electronic money card always uses the electronic money card. Therefore, there is no problem even if this data is removed.

The transaction history includes, for example, a transaction date,
It includes the terminal identification code of the electronic money transaction device that has transmitted the charge request and a transaction amount. The transaction can be tracked using this information.

The second storage means of the electronic money card stores, for example, transaction histories of all transactions made with the electronic money card. The transaction history storage means of the computer records, for example, transaction histories of all transactions made with the electronic money card. With such a configuration, it is possible to accurately track a transaction. Also, by comparing the transaction history stored in the electronic money card with the transaction history stored in the computer, it is possible to easily determine the location where the fraud has occurred.

An accident card, an accident terminal, or the like, whose use is not permitted, may be registered in the computer, and the transaction may be prohibited when the card or the terminal is used.

A certificate authority for determining whether the electronic money card is registered as usable in the electronic money system may be arranged. The certificate authority determines, for example, whether a personal public key or a card identification code of the electronic money card is registered in advance.

[0027] The electronic money card includes a pair of personal public keys and a personal secret key, the electronic money transaction device includes a pair of terminal public keys and a terminal secret key, and the charge request includes information on the transaction and the information. A first authenticator generated using a personal secret key, including information on the transaction, a second authenticator generated using the terminal private key, the personal public key, and the terminal public key, The computer may be configured to determine whether the first and second authenticators match using the personal secret key and the terminal secret key. If a fraud occurs on one of the electronic money card and the electronic money transaction device, the first authenticator and the second authenticator do not match. Therefore, fraud can be determined.

It should be noted that characteristic data indicating the physical characteristics of the operator is read, and based on this, it can be determined whether or not the user has the right authority.

An electronic money system according to a third aspect of the present invention is an electronic money system for trading electronic money using an electronic money card storing electronic money having a monetary value. A write-once storage unit and an IC memory unit. The IC memory unit stores information for specifying an electronic money card and information for accessing the write-once storage unit. Transaction means for trading electronic money stored in an electronic money card, and history recording means for storing, in a write-once storage unit of the electronic money card, a history of transactions of electronic money performed using the electronic money card And characterized in that: According to such a configuration, transactions of electronic money made by each electronic money card are recorded in the write-once type storage unit. It is difficult to falsify the write-once storage unit. Therefore, by tracking the transaction history recorded in the write-once type storage unit, it is possible to determine the presence or absence of fraud.

[0030] The electronic money system may further include history storage means for storing a history of electronic money transactions performed in the electronic money system. With such a configuration, fraud and the like can be tracked more accurately and easily.

An electronic money system according to a fourth aspect of the present invention is an electronic money system in which electronic money is traded using a medium on which electronic money information is recorded. Reading means for reading characteristic data relating to physical characteristics, scanning means for scanning the whole or a part of the body of the card user, and converting the data scanned by the scanning means into a format of data recorded on the medium Means,
Scanning means for comparing the converted data with data recorded on the medium; means for judging the degree of coincidence by comparing the data; means for validating electronic money transactions when the judgment result is a certain value or more. And the following. According to such a configuration, the legitimacy of the operator can be determined based on the physical characteristics of the operator, and illegal use can be effectively prevented.

The electronic money system is composed of an electronic money card for storing information relating to a monetary value, a plurality of terminals for processing the electronic money card, and a computer connected to the plurality of terminals via a communication line. An electronic money system configured, wherein the plurality of terminals are input means for inputting an instruction to store information about a monetary value in the electronic money card and a transaction amount, and input by the input means. Charge request means for transmitting an instruction and a transaction amount and account identification information for specifying an account to the computer as a charge request message, wherein the computer receives the charge request message, Store the account identification information and transaction amount indicated by the charge request message as loan information, and return the charge response message Means, further wherein the plurality of terminals,
The system may further include means for recording transaction history information including information on monetary value on the prepaid card in response to receiving the charge response message from the computer. According to such a configuration, the electronic money card can be charged with the electronic money, and various transactions can be performed using the charged electronic money.

[0033] The computer may further include an amount transfer means for transferring the transaction amount from the account specified by the account specifying information to a predetermined account based on the loan information.

According to a sixth aspect of the present invention, there is provided a medium comprising: a computer having a write-once storage unit and an IC memory unit, and a plurality of terminals for processing an electronic money card storing information relating to a monetary value; And a center connected by communication with the plurality of terminals, a computer-readable recording medium recording a program for functioning as the terminal in a system including: An input unit for inputting an instruction to store the electronic money card and a transaction amount, the instruction and the transaction amount input by the input unit, and account specifying information for specifying an account, as a charge request message; Transmission means for transmitting to the center, a charge permission returned from the center in response to the charge request message The electronic money card receives the electronic message, reads out the position information indicating the position where the data is to be written from the IC memory unit of the electronic money card, and stores the transaction history information including the information on the monetary value of the electronic money card according to the position information. A program for functioning as a means for writing to the write-once storage unit is recorded. According to such a configuration, a terminal for charging the electronic money card with the electronic money can be realized using a normal computer.

A medium according to a seventh aspect of the present invention is a computer-readable storage medium storing an electronic money information, a card identification code, and an electronic money system in an electronic money system for trading electronic money, which is electronic information having a monetary value. A computer-readable recording medium that functions as an electronic money transaction device that processes an electronic money card that stores a transaction history of money and requests the computer to replenish the electronic money card with a predetermined amount of electronic money. Charge request inputting means for inputting a charge request to be charged, charge request transmitting means for transmitting the charge request to a center, and responding to a notification from the center returned in response to the charge request to store the transaction history in the electronic money. Card, and the balance stored in the electronic money card is Card update means for adding a constant amount of money,
Record a program to function as According to such a configuration, a terminal for charging the electronic money card with the electronic money can be realized using a normal computer.

A medium according to an eighth aspect of the present invention is a medium for scanning a computer which scans the whole or a part of the body of a card user, and a conversion means for converting data scanned by the scanning means into a predetermined format. Means, reading means for reading characteristic data relating to a user's physical characteristics recorded on a medium on which electronic money information is recorded, and comparing data read by the reading means with data converted by the converting means Means to do
A program is recorded for functioning as means for determining the degree of coincidence in the comparison of the data, and means for validating electronic money transactions when the result of the determination is equal to or more than a certain value.

[0037]

An electronic money system according to an embodiment of the present invention will be described below with reference to the drawings. This electronic money system, as shown in FIG.
Certificate Authority 11 and Electronic Money Server 1
3, an electronic money terminal (transaction device) 15, a bank center 17, and an electronic money card 19.

The center 10 is a computer system that controls (manages) the operation of the entire electronic money system and the distribution of electronic money. The certificate authority 11 of the center 10 generates authentication information for a user or the like in the electronic money system. The certificate authority 11 stores card IDs and public keys of all the electronic money cards 19 used in this system in order to check that the user is registered when performing authentication.

The certificate authority 11 generates and stores a pair of center secret key Ck1 and center public key Ck2. The certificate authority 11
By copying the center secret key Ck1 to the electronic money server 13, the center secret key Ck1 is shared in the center 10. Further, the certificate authority 11 distributes the center public key Ck2 to the electronic money terminals 15 and the like via the electronic money server 13 in advance. Further, the certificate authority 11 generates and stores a signature key Sk for generating personal authentication information described later and a signature made by the signature key Sk, that is, an inspection key Ek for confirming the personal authentication information. , The inspection key Ek is distributed to each electronic money terminal 15 in advance.

As shown in FIGS. 2 and 3, the electronic money server 13 stores a balance table indicating the balance of electronic money held by each electronic money card 19 and a list of card IDs of the electronic money cards 19 that have become unusable. (Accident card list), terminal ID of electronic money terminal 15 that has become unusable
(Accident terminal list) and a list of transaction history of electronic money (transaction history table).

The electronic money server 13 uses these stored data to carry out electronic money transactions and uses the certificate authority 1
The electronic money card 19 and the electronic money terminal 15 are controlled and managed.

The electronic money terminal 15 is a terminal through which a user inserts or inserts the electronic money card 19 and performs a predetermined operation to make a transaction for electronic money. The electronic money terminal 15 has a charge terminal (AT) for replenishing (charging) electronic money to the electronic money card 19.
M), a terminal that processes the transfer of electronic money between electronic money cards, a POS terminal that is arranged in a store or the like and receives electronic money corresponding to the sales amount of goods or services, a vending machine, and the like. One terminal may have a plurality of functions related to electronic money, for example, an ATM function and a POS function.

Each electronic money terminal 15 has a storage unit 30
An input unit 31, a display unit 32, and a card processing unit 33 are provided.

The storage unit 30 stores the terminal ID assigned to the electronic money terminal 15, the inspection key Ek for confirming the personal authentication information supplied from the certificate authority 11, and the center public key Ck.
2. A pair of terminal secret key Tk1, terminal public key Tk2 and center 1
Stores electronic money transaction history and the like when offline with 0.

The input unit 31 inputs an instruction for an electronic money transaction. The display unit 32 displays a processing menu, a message, and the like. The card processing unit 33 is a part of the electronic money card 19
The electronic money card 19 includes an insertion slot, an IC read / write unit for accessing the IC unit 20 of the electronic money card 19, and an optical storage read / write unit for accessing the optical storage unit 21.

FIG. 4A shows an ATM-type electronic money terminal 1.
5 is shown. The input unit 31 and the display unit 32 of the electronic money terminal 15 include a touch panel type display unit 34, and the card processing unit 33 includes card insertion ports 35A and 35B into which the electronic money card 19 is inserted. In the card insertion slot 35A, a transfer source card for normal processing and transfer of electronic money is inserted. The card of the transfer destination at the time of transfer of the electronic money is inserted into the card insertion slot 35B.

FIG. 4B shows an example of a POS type electronic money terminal. The input unit 31 of the electronic money terminal 15 includes a keyboard 31A and a barcode reader 31 for inputting the amount of sales and the like together with an instruction for electronic money transactions.
B and the like. In addition, the display unit 32 displays a sales amount and the like together with a message or the like for electronic money transactions, and includes a display unit 32A for a customer and a display unit 32B for an operator.
The card processing unit 33 has a card insertion slot 35.
Further, a cash drawer 36 and the like are arranged for POS.

The bank center 17 has an electronic money card 19
A settlement account, which is an account of a user (holder), and a separate account, which is an operation account for electronic money held by a bank, and perform deposit / withdrawal processing of these accounts. For example, bank center 17
Is an electronic money card 1 according to an instruction from the center 10.
The transfer from the settlement account corresponding to 9 to another account and the transfer from another account to the settlement account are performed. To perform this transfer process, the bank center 17 prepares an account table that associates the card ID assigned to each electronic money card 19 with the account number of the settlement account of the user (holder) of each electronic money card 19. Stored as shown in FIG.

The electronic money card 19 is composed of an optical IC hybrid card having an IC section (IC chip) 20 and an optical storage section 21, as shown in FIG. Note that the electronic money card 19 only needs to include an IC unit (IC chip) 20 and an optical storage unit 21, and the shape thereof is not limited to a card type and is arbitrary.

The IC section 20 contains a control circuit and a memory circuit. As shown in FIG. 6, this memory circuit stores, in addition to the operation program, a card ID, a personal secret key Pk1, a personal public key Pk2, a balance of electronic money, personal authentication information for online transactions described later, and the like. . Also, the IC unit 20
Of the transaction histories stored in the optical storage unit 21 described later, a final transaction pointer indicating the position of the final transaction history and a transmitted pointer indicating the position of the transaction history last transmitted to the electronic money server 13 are stored. .

The optical storage unit 21 is composed of, for example, a non-rewritable write-once storage medium of a type in which data is written by forming pits or the like by irradiating light energy. The transaction history of the electronic money traded is sequentially stored.

The items constituting the transaction history include usage categories (charge (replenishment of balance), payment, transfer, cashing, etc.) indicating the type of transaction of electronic money, and electronic money cards with electronic money cards for transactions. Terminal I of money transaction terminal 15
D, In the case of transfer of electronic money between the electronic money cards 19, the card ID of the other party, the date of use, the transaction amount, the authenticator (the transaction authenticator created using the above item and the personal secret key Pk1, the above item And a business partner authenticator created using the secret key Pk1 of the business partner (the electronic money terminal 15 or another electronic money card 19).

The basic processing in the electronic money system having such a configuration includes (1) electronic money charging processing (replenishment of the balance stored in the electronic money card 19), (2) personal authentication information issuing processing, There are (3) electronic money payment processing, (4) matching processing, (5) electronic money transfer processing, (6) electronic money realization processing, and the like. These processes will be described below in order.

(1) Electronic Money Charge Processing Electronic money charge processing will be described with reference to FIG. A
The electronic money terminal 15 having the TM function displays a process selection menu as shown in FIG. The user selects “1) Charge electronic money” from the processing menu displayed on the display unit 32 (the touch panel 34).

In response to this selection, the electronic money terminal 15
Displays a message indicating that the electronic money card 19 should be inserted into the card insertion slot 35A, as shown in FIG. 8B.

When the electronic money card 19 is inserted, the electronic money terminal 15 displays a charge amount input screen as shown in FIG. 8C, and the user inputs a desired charge amount from the input section 31 (touch panel 34). Enter the amount. When the charge amount is input, the electronic money terminal 15 transmits, to the electronic money card 19, the transaction information including the transaction type (charge), the date of use, and the transaction amount (charge amount), and the terminal ID. Then, a request signal for requesting transmission of the card ID and the personal public key Pk2 is transmitted (P1).

The IC section 20 of the electronic money card 19 adds the card ID to the terminal ID and the transaction information, and uses the personal secret key Pk1 to transfer the information to the transaction authenticator $ Pk1 (terminal ID
+ Transaction information + card ID), and the transaction authenticator, card ID and personal public key Pk2 are converted to the electronic money terminal 15.
(P2).

The electronic money terminal 15 receives the card I
D, in addition to the transaction information and the terminal ID, and using the terminal secret key Tk1, the supplier authenticator @ Tk1 (terminal ID + transaction information + card I
D) Create｝. The electronic money terminal 15 uses the created supplier authenticator @ Tk1 (terminal ID + transaction information + card I
D) Instructs the charge of the requested amount and the charge request message including the terminal public key Tk2, the card ID of the electronic money card 19, the personal public key Pk2, and the transaction authenticator. (P3). The charge request message includes the terminal ID of the electronic money terminal 15 of the transmission source.

The electronic money server 13 stores the received card ID and terminal ID in the accident card list (FIG. 2B) and the accident terminal list (FIG. 2) stored in the storage unit 30.
It is determined whether (C) is registered. If it is determined that the received card ID and terminal ID are not registered in these lists, the electronic money server 13
Using the received personal public key Pk2, the transaction authenticator {Pk1 (terminal ID + transaction information + card ID)} is converted into a terminal ID, transaction information, and a card ID. Further, using the received terminal public key Tk2, the supplier authenticator {Tk1 (terminal ID + transaction information + card ID)} is converted into a terminal ID, transaction information, and a card ID. Furthermore, the terminal ID converted from the transaction authenticator
It is determined whether the transaction ID, the transaction information, the card ID, the terminal ID converted from the supplier authenticator, the transaction information, and the card ID match. If they match, the electronic money server 13 determines that the transaction authenticator and the supplier authenticator are correct, and moves the designated amount from the settlement account corresponding to the card ID to another account of the bank center 17. A withdrawal message instructing to (withdraw) is transmitted to the bank center 17 (P4).

If at least one of the received card ID and terminal ID is registered in the accident card list and the accident terminal list, or the terminal ID converted from the transaction authenticator and the business partner authenticator, the transaction information and the card If at least a part of the ID does not match, the electronic money server 13
Transmits a message indicating that charging is not possible to the electronic money terminal 15 and notifies the administrator or the like of the detection of fraud by displaying a message or the like. The electronic money terminal 15 displays a message to the effect that charging cannot be performed on the display unit 32.

The bank center 17 has the electronic money server 13
When the payment message is received, the account number corresponding to the card ID is determined with reference to the account table shown in FIG. Next, the balance of the settlement account of this account number is checked, and it is determined whether or not the balance is equal to or more than the designated amount. If the balance is determined to be greater than or equal to the amount indicated,
It is determined that withdrawal is possible, and the designated amount is moved (transferred) from the settlement account to another account (P5). Next, a withdrawal completion message notifying the completion of the transfer is sent to the electronic money server 13.
(P6).

When the payment cannot be made due to the shortage of the balance of the settlement account, the bank center 17 transmits a message instructing that the charge cannot be made to the electronic money server 13. The electronic money server 13 stops the charging process and transmits a similar message to the electronic money terminal 15. In response to this message, the electronic money terminal 15 displays a message to that effect on the display unit 32 or the like.

When receiving the withdrawal completion message from the bank center 17, the electronic money server 13 transmits the card ID of the electronic money card 19 and the personal public key Pk2 stored in the storage unit 30 to the certificate authority 11, and (P7). The certificate authority 11 checks whether the received card ID and personal public key Pk2 are registered in the list of the card ID and personal public key Pk2 stored therein. If they are registered, the certificate authority 11
Using the center secret key Ck1, the received card ID and personal public key Pk2 are authenticated as {Ck1 (card ID + Pk2)}.
And sends it back to the electronic money server 13 together with the authentication completion message (P8).

When the electronic money server 13 receives the authentication completion message and the authentication information {Ck1 (card ID + Pk2)}, the electronic money server 13 checks the balance table shown in FIG. Update the balance data indicating the balance. Furthermore, as shown in FIG. 3, the transaction information (use category (charge), use date, transaction amount), card ID, terminal ID, and authenticator (transaction authenticator and supplier authenticator) Is added to the past transaction history and stored. Next, the electronic money server 1
No. 3 adds the authentication information from the certificate authority 11 to the current transaction history, and transmits it to the electronic money terminal 15 together with a charge completion message indicating the completion of the charge (P9).

When receiving the transaction history and the authentication information, the electronic money terminal 15 converts the authentication information into a card ID and a personal public key Pk2 using the center public key Ck2, and checks it. If the authentication information is confirmed to be correct, the balance recorded in the memory area of the IC unit 20 is updated via the control unit of the IC unit 20 based on the received transaction history.

The electronic money terminal 15 is connected to the IC section 20.
The last transaction pointer is read from the address, and the current transaction history ｛transaction information (use category (charge), date of use, transaction amount), card ID, terminal ID, and authentication are stored at the address following the position indicated by the last transaction pointer. The child (transaction authenticator and supplier authenticator)｝ is added to the past transaction history and stored.
Further, the electronic money terminal 15 updates the final transaction pointer and the transmitted pointer recorded in the memory area of the IC unit 20 via the control unit of the IC unit 20 so as to indicate the position of the transaction history added ( P10). Thereafter, the terminal 15 displays that the charging is completed on the display unit 32 and ejects the electronic money card 19.

This electronic money charge processing is performed by the user A
Uses the electronic money terminal 15B (terminal ID “T150”) and uses its own electronic money card 19A (card ID ”).
C99 ") will be described with reference to Fig. 9 as an example, in which electronic money for 10,000 yen is charged.
From the processing menu displayed on the display unit 32, select "1) Charge electronic money", insert the electronic money card 19A into the electronic money terminal 15B, and enter "10,000 yen" as the charge amount.

In response to this input, the electronic money terminal 15B stores the transaction information including the transaction category (charge), the date of use, and the transaction amount, the terminal ID “T150”, the card ID and the personal public key. The request is transmitted to the electronic money card 19A together with a request signal requesting Pk2 (L1).

The electronic money card 19A adds the card ID “C99” to the received terminal ID “T150” and the transaction information, and uses the personal secret key Pk1A to make the transaction authenticator {Pk1A}.
(T150 + transaction information + C99) is created. The electronic money card 19A generates the transaction authenticator $ Pk1A (T
150 + transaction information + C99)｝ with card ID “C99”
Is transmitted to the electronic money terminal 15B together with the personal public key Pk2A (L2).

The electronic money terminal 15B receives the card ID “C
99 "and the transaction information stored in the storage unit 30 as the terminal ID.
, And using the terminal secret key Tk1B, the supplier authenticator {Tk1
B (T150 + transaction information + C99)} is created. The electronic money terminal 15B uses the created supplier authenticator @ Tk1B
(T150 + transaction information + C99) and requesting the charge of 10,000 yen of electronic money, and the terminal ID “T15
Charge request message including “0” and the terminal public key Tk2B;
The card ID “C99” of the electronic money card 19A, the personal public key Pk2A, and the transaction authenticator {Pk1A (T150 + transaction information + C99)} are transmitted to the electronic money server 13 (L3).

The electronic money server 13 receives the terminal I
Unauthorized use of the electronic money terminal 15 and the electronic money card 19 is checked by determining whether D "T150" and the card ID "C99" are registered in the accident terminal list and the accident card list.

As a result of the check, the electronic money card 19A
If it is determined that the electronic money terminal 15B is neither an accident card nor an accident terminal, the electronic money server 1
3 uses the personal public key Pk2A to assign the transaction authenticator to the terminal ID.
And transaction information and a card ID. Further, using the terminal public key Tk2B, the supplier authenticator is converted into a terminal ID, transaction information, and a card ID. Next, it is determined whether the terminal ID converted from the transaction authenticator, the transaction information, and the card ID match the terminal ID converted from the supplier authenticator, the transaction information, and the card ID. If they match, the electronic money server 13 determines that the transaction authenticator and the supplier authenticator are correct, and sends the card ID "C9" to the bank center 17.
A withdrawal telegram instructing to transfer 10,000 yen from the settlement account of 9 "to another account of the bank center 17 is transmitted (L4).

If both or one of the electronic money card 19A and the electronic money terminal 15B is determined to be an accident card or an accident terminal, and / or a terminal ID converted from the transaction authenticator and the business partner authenticator, and the transaction If the information and the card ID do not match each other, the electronic money server 13 transmits a message to the effect that charging cannot be performed to the electronic money terminal 15B, and notifies the administrator of the detection of fraud or abnormality.

When receiving the withdrawal message, the bank center 17 refers to the account table shown in FIG.
Search for the account number "30000001" of the settlement account 99 "and determine whether or not the balance of the corresponding account number is equal to or more than the designated charge amount of 10,000 yen. If the balance is less than 10,000 yen, The bank center 17 transmits to the electronic money server 13 a message indicating that the balance cannot be charged because the balance is insufficient.If the balance is 10,000 yen or more, the bank center 17 moves the settlement account "300000001" to another account of the bank center 17. Is transferred to the electronic money server 13 (L5).

The electronic money server 13 is provided at the bank center 17
Receives a withdrawal completion message from the electronic money card 19
An authentication grant request for authentication of the card ID of A and the personal public key Pk2A is transmitted to the certificate authority 11 together with the card ID "C99" and the personal public key Pk2A (L6).

The certificate authority 11 adds the received card ID “C99” and the personal public key P to the list of the card ID and the personal public key Pk2 of the electronic money card 19A stored therein.
k2A exists (that is, registered in the certificate authority 11)
Check that. When the card ID “C99” and the personal public key Pk2A are registered in the certificate authority 11, the certificate authority 11 uses the center secret key Ck1 to
D “C99” and authentication information ΔC for personal public key Pk2A
k1 (C99 + Pk2A)}, and transmits it to the electronic money server 13 together with an authentication completion message indicating the completion of authentication (L
7).

When the electronic money server 13 receives the authentication completion message, the usage category “charge”, date of use, card ID “C99”, terminal ID “T150”, charge amount “10,000 yen”, transaction authenticator , And a transaction history is generated by a supplier authenticator and stored as shown in FIG. Further, 10,000 yen is added to the balance of the card ID “C99” in the balance table shown in FIG. Further, authentication information from the certificate authority 11 is added to the generated transaction history, and transmitted to the electronic money terminal 15B together with the charge completion message (L8).

When the electronic money terminal 15B receives the transaction history with the authentication information, the electronic money terminal 15B converts the authentication information {Ck1 (C99 + Pk2A)} to the card I using the center public key Ck2.
D is converted to "C99" and the personal public key Pk2A and checked. When it is confirmed that the authentication information is correct, the received transaction history is stored in the IC of the electronic money card 19A.
The data is transmitted to the chip 20 (L9). The IC chip 20 adds 10,000 yen to the balance stored by itself based on the received transaction history.

The electronic money terminal 15 B reads the final transaction pointer from the IC chip 20 and
The transaction history is added to the position next to the position indicated by the last transaction pointer, and the last transaction pointer and the transmitted pointer are updated to indicate the added transaction history. Then, terminal 1
5B displays the completion of charging on the display unit 32 and discharges the electronic money card 19A. In this way, the user A can charge his / her own electronic money card 19A with electronic money for 10,000 yen.

(2) Personal Authentication Information Issuing Process Next, a process of issuing personal authentication information stored in the IC unit 20 of the electronic money card 19 (personal authentication information issuing process) will be described. In the offline electronic money payment process described below, the electronic money card 19 presents the personal authentication information to the electronic money terminal 15 and receives confirmation of the personal authentication information by the electronic money terminal 15.
It is possible to trade. Since the personal authentication information is created based on the card ID of the electronic money card 19 and the personal public key Pk2, it needs to be obtained every time the personal secret key Pk1 and the personal public key Pk2 are changed.

FIG. 10 is a schematic diagram of the personal authentication information issuing process. First, as shown in FIG. 8, “4) Issue of personal authentication information” is selected from the processing menu displayed on the display unit 32, and the electronic money card 19 is inserted into the electronic money terminal 15. In response to this operation, the electronic money terminal 15 transmits a request signal indicating a request for the card ID and the personal public key Pk2 to the IC unit 20 of the electronic money card 19 (P1).
1).

In response to the request signal, the IC chip 20 of the electronic money card 19 sends the card ID and the personal public key P
k2 is transmitted to the electronic money terminal 15 (P12). The electronic money terminal 15 receives the card ID and the personal public key Pk2.
Is transmitted to the electronic money server 13 together with an authentication information issuance request for requesting personal authentication information (P13). Note that the authentication information issuance request includes the terminal ID.

When the electronic money server 13 receives the card ID, the personal public key Pk2, and the authentication information issuance request from the electronic money terminal 15, the received card ID and terminal ID are registered in the accident card ID list and the accident terminal ID list. Check if it is.

As a result of the check, if at least one of the received card ID and the terminal ID is registered in the accident card ID list or the accident terminal ID list, the electronic money server 13 issues personal authentication information to the electronic money terminal 15. In addition to transmitting a message to the effect that it is not possible, the administrator is notified of the detection of fraud by displaying a message or the like. The electronic money terminal 15 displays this message.

If the received card ID and terminal ID are not registered in the accident card ID list and the accident terminal ID list, the electronic money server 13
D, a request for issuing a personal public key Pk2 and personal authentication information (a request for issuing personal authentication information) is transmitted to the certificate authority 11 (P14).

Upon receiving the card ID, the personal public key Pk2, and the request for issuing personal authentication information from the electronic money server 13, the certificate authority 11 receives the card ID and the personal public key by referring to the list of the card ID and the personal public key stored therein. It is checked whether the card ID and the personal public key are registered as usable in the present system. If not registered, the certificate authority 11 transmits a message to that effect to the electronic money server 13. The electronic money server 13 transmits a similar message to the electronic money terminal 15. Electronic money terminal 1
5 displays this message.

On the other hand, the received card ID and personal public key P
If k2 is registered, the certificate authority 11 uses the signature key Sk for generating personal authentication information to generate the personal authentication information {Sk (card I
D + Pk2)}, and transmits it to the electronic money server 13 together with the issuance completion message (P15).

The electronic money server 13 transmits the personal authentication information {Sk (card ID + Pk2)} and the issuance completion message from the certificate authority 11 to the electronic money terminal 15 (P16). The electronic money terminal 15 transmits the received personal authentication information {Sk (card ID + Pk2)} to the IC unit 2 of the electronic money card 19.
0 (P17). The IC unit 20 stores the received personal authentication information {Sk (card ID + Pk2)} in the storage circuit. Thereafter, the electronic money terminal 15 displays that the acquisition of the personal authentication information has been completed on the display unit 32 and ejects the electronic money card 19.

For example, the user A executes the personal authentication information issuance processing by the electronic money card 19A (card ID “C9
An example in which the personal authentication information of 9 ″) is acquired will be described with reference to FIG.

First, the user A selects “4) Issue personal authentication information” from the menu displayed on the display unit 32, and inserts the electronic money card 19A into the electronic money terminal 15B. In response to this operation, the electronic money terminal 15B transmits a request signal requesting transmission of the card ID and the personal public key to the electronic money card 19A (L11).

The IC section 20 of the electronic money card 19A
When the request signal is received from the electronic money terminal 15B, the card ID "C99" and the personal public key Pk2A are transmitted to the electronic money terminal 15B (L12). Electronic money terminal 15B
Is the received card ID "C99" and the personal public key Pk2A
Is transmitted to the electronic money server 13 together with the authentication information issuance request (L13).

The electronic money server 13 compares the received card ID “C99” and the personal public key Pk2A with the accident card I
By determining whether the electronic money card 19 and the electronic money terminal 15 are registered in the D list and the accident terminal ID list, unauthorized use of the electronic money card 19 and the electronic money terminal 15 is checked. If it is determined that the unauthorized use has occurred, the electronic money server 13 transmits a message to the effect that the personal authentication information cannot be issued to the electronic money terminal 15B, and notifies the administrator of the fraud detection by displaying a message or the like. The electronic money terminal 15B displays this message.

As a result of the check, the electronic money card 19A
And if the electronic money terminal 15B can be used, the card I
D “C99” and the personal public key Pk2A are transmitted to the certificate authority 11 together with a request for issuing personal authentication information (L14).

The certificate authority 11 digitally signs the card ID “C99” received from the electronic money server 13 and the personal public key Pk2A using the signature key Sk to generate personal authentication information {Sk (C99 + Pk2A)}. Is transmitted to the electronic money server 13 together with the issuance completion message (L1
5).

The electronic money server 13 transmits the personal authentication information {Sk (C99 + Pk2A)} from the certificate authority 11 and the issuance completion message to the electronic money terminal 15 (L16). The electronic money terminal 15 transmits the personal authentication information received from the electronic money server 13 to the electronic money card 19A (L
17). The IC section 20 of the electronic money card 19A stores the personal authentication information received from the electronic money terminal 15.
Thereafter, the electronic money terminal 15B displays on the display unit 32 that the acquisition of the personal authentication information is completed, and discharges the electronic money card 19A.

The personal authentication information may be automatically acquired via the electronic money terminal 15 when the personal secret key Pk1 and the personal public key Pk2 are changed by the electronic money terminal 15.

(3) Electronic Money Payment Processing Next, electronic money payment processing will be described with reference to FIG. This process is performed, for example, in a store or the like,
This is a process for purchasing a service or the like and paying the fee by electronic money. The electronic money terminal 15 is, for example, as shown in FIG.
It takes the form of a POS terminal, a vending machine, or the like as shown in FIG.

For example, the POS terminal type electronic money terminal 15
After calculating the sales amount, a message to select the payment method is displayed on the display unit 32. Here, when the payment by the electronic money card is selected, an instruction to insert the electronic money card 19 is displayed, and the electronic money card 19 is inserted into the electronic money terminal 15.

In response to the insertion of the electronic money card 19, the electronic money terminal 15 receives the transaction information including the transaction type, the use date and the transaction amount (payment amount), and the terminal ID.
, Card ID, personal public key Pk2, and personal authentication information ｛Sk
(Card ID + Pk2)} and a request signal for requesting transmission of the balance are transmitted to the electronic money card 19 (P21).

The IC unit 20 of the electronic money card 19 adds the card ID to the received terminal ID and transaction information, and creates a transaction authenticator {Pk1 (terminal ID + transaction information + card ID)} using the personal secret key Pk1. I do. The IC unit 20 creates the transaction authenticator $ Pk1 (terminal ID + transaction information + card I
D) The card ID, personal public key Pk2, personal authentication information {Sk (card ID + Pk2)}, and the balance are transmitted to the electronic money terminal 15 (P22).

The electronic money terminal 15 sends the card ID, the personal public key Pk2, the personal authentication information {Sk (card ID + Pk2)}, the balance and the transaction authenticator {Pk} from the electronic money card 19.
When 2 (terminal ID + transaction information + card ID)} is received, first, personal authentication information {Sk (card ID + Pk2)}
Is converted into a card ID and a personal public key Pk2 using the inspection key Ek, and it is determined whether or not these match the card ID and the personal public key Pk2 received from the electronic money card 19. If they do not match, the electronic money terminal 15 determines that there is any fraud, displays a message indicating that the transaction is not possible,
The fraud detection is notified to the electronic money server 13.

When the electronic money terminal 15 determines that the card ID and the personal public key Pk2 decrypted from the personal authentication information match the card ID and the personal public key Pk2 received from the electronic money card 19, the received balance is paid. It is determined whether the amount is equal to or more than the amount. If the balance is equal to or more than the payment amount, it is determined that payment is possible, and the business partner authenticator @ Tk1 (terminal ID) using the terminal secret key Tk1 for the transaction information, card ID and terminal ID.
+ Transaction information + card ID)}. The electronic money terminal 15 has transaction information, card ID, terminal ID, transaction authenticator {Pk2 (terminal ID + transaction information + card ID)} and supplier authenticator {Tk1 (terminal ID + transaction information + card ID)}.
The transaction history is further constructed, transmitted to the electronic money card 19 together with the payment completion message (P23), and further stored in its own storage unit 30.

The IC section 20 of the electronic money card 19 updates the balance stored in the storage circuit based on the received transaction history and transfers the value of the final history pointer to the electronic money terminal 15. The electronic money terminal 15 writes a transaction history at the address next to the address indicated by the final history pointer of the optical storage unit 21 of the electronic money card 19 and sends a command to the IC unit 20 to update the final history pointer. In response to this command, the IC unit 20 updates the value of the last transaction pointer stored in the storage circuit. However, the value of the transmitted pointer is not updated. Thereafter, the electronic money terminal 15 displays that the payment has been completed and ejects the electronic money card 19.

As described above, this electronic money payment processing is an offline processing performed between the electronic money card 19 and the electronic money terminal 15. As a result, the processing speed can be improved, the response can be made faster, and the waiting time of the customer can be reduced.

The electronic money terminal 15 communicates with the electronic money server 13 at a predetermined timing and transmits the transaction history stored in the storage unit 30. Electronic money server 13
Stores the received transaction history in the transaction history table as shown in FIG. The timing at which the electronic money terminal 15 transmits the transaction history to the electronic money server 13 is preferably, for example, a timing immediately after the electronic money payment processing is completed. However, the present invention is not limited to this, and may be arbitrary, for example, every fixed period (for example, every 10 minutes), in response to polling from the electronic money server 13, and the like.

After transmitting the transaction history stored in the storage unit 30 to the electronic money server 13, the electronic money terminal 15 may delete the transmitted transaction history or add a transmitted flag or the like. Thus, the transmitted transaction history and the untransmitted transaction history may be managed separately.

In the electronic money payment processing, for example, the user A checks that the electronic money terminal 15B whose terminal ID is “T150”
Is purchased at the store where is set, and the payment is made to the electronic money card 19A (card ID "C9
9 ") will be described as an example with reference to Fig. 13. First, the amount" 10,000 yen "is displayed as a payment amount on the display unit 32 of the electronic money terminal 15B (for example, a POS terminal), and First, assume that payment by electronic money is selected, first, the user A or a clerk inserts the electronic money card 19A into the electronic money terminal 15B.

In response to the insertion of the electronic money card 19A, the electronic money terminal 15B responds to the insertion of the electronic money card 19A with the transaction information including the transaction category, the transaction date and the transaction amount, and the terminal ID "T15
0 ", a card ID" C99 ", a personal public key Pk2, personal authentication information, and a request signal for requesting transmission of the balance are transmitted to the electronic money card 19A (L21).

The electronic money card 19A adds the card ID “C99” to the received terminal ID “T150” and the transaction information, and uses the personal secret key Pk1A to make the transaction authenticator {Pk1A}.
(T150 + transaction information + C99) is created. The electronic money card 19A uses the created transaction authenticator @ Pk2A (T
150 + transaction information + C99) and the card ID “C9
9 ", the personal public key Pk2A, and the personal authentication information @Sk (C
99 + Pk2)} and the balance are transmitted to the electronic money terminal 15 (L22).

The electronic money terminal 15B receives the card ID “C99” and the personal public key Pk2 from the electronic money card 19A.
A and personal authentication information {Sk (card ID + Pk2)}, balance and transaction authenticator {Pk1A (T150 + transaction information + C9)
9) is received and personal authentication information {Sk (C99 + Pk)
2) Using the inspection key Ek stored in advance,
D and a personal public key Pk2A. Next, it is confirmed that the card ID and the personal public key Pk2A decrypted from the personal authentication information match the card ID “C99” of the electronic money card 19A and the personal public key Pk2A.

Next, the electronic money terminal 15B stores the balance of the electronic money card 19A in the payment amount (in this case, 10,000 yen).
It is determined whether or not this is the case. If the balance is 10,000 yen or more, the electronic money terminal 15B uses the terminal secret key Tk1B for the terminal ID “T150”, the transaction information, and the card ID “C99” to authenticate the customer counterpart {Tk1B (T150 + transaction information + C9).
9) Generate｝. Further, the terminal ID “T150”, the transaction information, the card ID “C99”, and the transaction authenticator @ Pk1A
(T150 + transaction information + C99)} and supplier authenticator {T
A transaction history is constructed from k1B (T150 + transaction information + C99) @, and the electronic money card 19A together with the payment completion message.
(L23). The transaction history is also stored in its own storage unit 30. After that, the electronic money terminal 15B
The electronic money card 19A is ejected while displaying that the payment is completed.

The IC section 20 of the electronic money card 19A
Based on the transaction history received from the electronic money terminal 15B, the balance is reduced by 10,000 yen and the value of the final transaction pointer is transmitted to the electronic money transaction terminal 15B. The electronic money transaction terminal 15B stores the transaction history at the address next to the address indicated by the last transaction pointer in the optical storage unit 21. Thereafter, the value of the final read pointer is updated in the IC unit 20 so as to indicate the next address position. However, the value of the transmitted pointer is not updated.

On the other hand, the electronic money terminal 15B determines that the card ID converted from the personal authentication information {Sk (card ID + Pk2)} and the personal public key Pk2 match the card ID “C99” of the electronic money card 19A and the personal public key Pk2A. If not, the electronic money terminal 15B determines that the electronic money card 19A is a fraudulent card, displays a message indicating that payment is impossible on the display unit 32, and notifies the electronic money server 13 of fraud detection. When the balance of the electronic money card 19A is less than 10,000 yen, the electronic money terminal 15
B displays on the display unit 32 a message indicating that payment is not possible due to insufficient balance.

The electronic money terminal 15B transmits the transaction history stored in the storage unit 30 to the electronic money server 13 after completing the payment processing. When the electronic money server 13 receives the transaction history, as shown in FIG.
Store in transaction history table. Electronic money terminal 15B
After the transmission of the transaction history stored in the transaction history storage unit 30 from the electronic money server 13 is completed, the transmitted transaction history may be deleted, or the transmission may be performed by adding a transmitted flag or the like. The transaction history that has already been transmitted and the transaction history that has not been transmitted may be managed separately.

In the above description, the payment processing is performed offline. However, in order to enhance security, if the transaction amount is a certain amount or more, it may be processed online. A limit may be set.

(4) Matching Process When the payment process or the like is executed, a transaction history not transmitted to the electronic money server 13 is generated in the electronic money card 19. These transaction histories are transmitted to the electronic money server 13 prior to the processing when online processing (for example, electronic money charging processing) is performed. The electronic money server 13 includes an electronic money card 19
When the transaction history is received via the electronic money terminal 15 from the electronic money terminal 15, the validity of the transaction history is checked by comparing the transaction history with the transaction history stored therein. The outline of the matching process will be described with reference to FIG.

Upon receiving the signal from the electronic money terminal 15, the IC unit 20 of the electronic money card 19 determines the content of the process indicated by the received signal, and determines whether or not it indicates an online process. I do. When the received signal indicates the online processing, the IC unit 20 determines whether or not the value of the last transaction pointer matches the value of the transmitted pointer before executing another processing. . If it is determined that they do not match, the IC unit 20 transmits the transaction history and the card ID stored in each address from the position next to the pointer indicated by the transmitted pointer to the position indicated by the final transaction pointer, together with the interrupt signal. Is transmitted to the electronic money terminal 15 (P31).

For example, “electronic money charge processing” is selected from the processing menu, and the electronic money card 19 is selected.
Is inserted into the electronic money terminal 15 and the amount is input, the electronic money terminal 15 transmits, for example, transaction information and the like to the IC unit 20 of the electronic money card 19 in order to perform a charging process (FIG. 7 P1, L1 in FIG. 9).

The IC unit 20 determines from the transaction information that the designated process is an online process, and determines whether the final transaction pointer of the IC unit 20 matches the transmitted pointer. If it is determined that they do not match, the IC
The electronic money terminal 15 stores the transaction history, the card ID, and the personal public key Pk2 stored at each address from the position next to the pointer indicated by the transmitted pointer to the position indicated by the final transaction pointer, together with the interrupt signal. (P31).

The electronic money terminal 15 transmits the received card ID, personal public key Pk2, and transaction history to the electronic money server 13 in response to the interrupt signal (P32).

The electronic money server 13 sends the received card ID and the personal public key Pk2 together with a confirmation request for confirming that they are registered in the certificate authority 11 together with the certificate authority 1.
1 (P33).

The certificate authority 11 determines whether the received card ID and personal public key Pk2 are registered in the card ID and personal public key list stored therein. When the registration is confirmed, a confirmation completion message indicating the completion of the confirmation is returned to the electronic money server 13 (P34). If the received card ID and the personal public key Pk2 are not registered, the certificate authority 11 detects the fraudulently by the electronic money server 13.
Notify.

Upon receiving the confirmation completion message from the certificate authority 11, the electronic money server 13 matches the transaction history received from the electronic money card 19 with the transaction history stored therein. When all the received transaction histories and the transaction histories stored therein match and the matching is completed, the electronic money server 13 transmits a matching completion message to the electronic money terminal 15 (P35).

The electronic money terminal 15 transmits the received matching completion message to the electronic money card 19 (P3
6). When receiving the matching completion message, the electronic money card 19 updates the transmitted pointer stored in the IC unit 20 so as to match the last transaction pointer. Subsequently, a process originally required by the electronic money terminal 15 is executed.

When the electronic money server 13 determines that the received transaction history and the transaction history stored therein do not match, the electronic money server 13 notifies the electronic money terminal 15 of the mismatch, and detects the fraud by displaying a message or the like. Notify the administrator, etc.

When the last transaction pointer matches the transmitted pointer, the electronic money card 19 continues the processing according to the request signal because there is no unsent history.

This matching process may be executed only after the electronic money payment process has been performed. In this case, for example, when the electronic money terminal 15 executes the electronic money payment processing, the IC section 20 of the electronic money card 19
To set the unsent history flag. When the electronic money card 19 is inserted and the online processing is instructed, the electronic money transaction terminal 15 determines whether or not the unsent history flag is on, and if it is on, executes the above matching processing.

This matching process will be specifically described with reference to FIGS. Here, user A has previously
It is assumed that the electronic money is paid by the electronic money card 19A of the card ID “C99”, and the unsent transaction history is stored in the optical storage unit 21 of the electronic money card 19A.

The user A, for example, instructs charging of electronic money, and inserts the electronic money card 19A into the electronic money terminal 15B. The electronic money terminal 15B stores the transaction information including the transaction category (charge), the use date and the transaction amount, and the terminal ID into the card ID and the personal public key Pk2.
Of the electronic money card 19A together with the request signal for requesting
It transmits to C section 20.

The IC section 20 determines from the transaction information that online processing has been selected, and determines whether or not the final transaction pointer stored therein matches the transmitted pointer. As shown in FIG. 16, the transmitted pointer points to the address “2”, and the last transaction pointer is the address “2”.
5 ”, the IC unit 20 sets the address“ 2 ”next to the address“ 2 ”indicated by the transmitted pointer.
Address "5" to which the last transaction pointer points from "3"
Signal of transaction history R3 to R5 up to interrupt signal and card I
D "C99" and the personal public key Pk2A are transmitted to the electronic money terminal 15B (L31). Electronic money terminal 15B
Transmits the received transaction histories R3 to R5, the card ID and the personal public key Pk2A to the electronic money server 13 (L3
2).

The electronic money server 13 transmits the received card ID “C99” and the personal public key Pk2A to the certificate authority 11 together with a confirmation request (L33). The certificate authority 11 confirms that the received card ID and personal public key Pk2A are registered in the card ID and personal public key list stored therein, and transmits a confirmation completion message to the electronic money server 13 ( L34).

When receiving the confirmation-completed message, the electronic money server 13 compares the transaction histories R3 to R5 with the transaction history stored therein. That is, addresses “3” to “”
The transaction history R3 to R5 of 5 ″ are all stored in the electronic money server 13.
Check that it matches the transaction history stored in. As a result of the check, if the transaction histories R3 to R5 match the transaction histories stored in the electronic money server 13, the electronic money server 13 checks the balance of the card ID “C99” in the balance table shown in FIG. Is updated, and the matching completion message is transmitted to the electronic money terminal 15B (L3
5). The electronic money terminal 15B transmits the received matching completion message to the electronic money card 19A (L3
6). When receiving the matching completion message, the electronic money card 19A updates the transmitted pointer stored in the IC unit 20 from “2” to “5” as shown in FIG.

Thereafter, the electronic money terminal 15 and the electronic money card 19A execute the designated electronic money charging process.

In the matching process described above, the transaction history from the electronic money card 19 is compared with the transaction history from the electronic money terminal 15 stored in the electronic money server 13. This makes it possible to easily detect a transaction history that has been fraudulently generated (for example, the transaction amount has been falsified). Further, when fraud is detected, by referring to the transaction history stored in the optical storage unit 21 of the fraudulent electronic money card 19, when, where and how much is used
Etc. can be known.

(5) Electronic Money Transfer Processing Next, an outline of electronic money transfer processing will be described with reference to FIG. The side that transfers (transfers) the electronic money is referred to as the electronic money card 19A, and the side that receives the transfer is the electronic money card 19B.

In accordance with the screen display shown in FIG.
"3) Transfer of electronic money" is selected from the processing menu displayed on the electronic money card 19A, and the electronic money card 19B is inserted into the card insertion slot 35A.
B, and the transfer amount from the electronic money card 19A to the electronic money card 19B is input. In response to this input, the electronic money terminal 15 stores the transaction classification (1) in the electronic money card 19A and the electronic money card 19B.
(Transfer from 9A to 19B), transaction information including the date of use, and transaction amount, a terminal ID, and a request signal indicating a request for a card ID and a personal public key, respectively (P4).
1).

When receiving the terminal ID, the transaction information, and the request signal, the electronic money card 19A uses the personal secret key Pk1A, and uses the terminal ID, the transaction information, and the transaction authenticator {Pk1A (terminal ID + transaction information) corresponding to the card ID of its own. + 19A card ID) @ is created. Electronic money card 19A
Is the created transaction authenticator, card ID and personal public key Pk2
A is transmitted to the electronic money terminal 15 (P42).

The electronic money card 19B has a terminal ID
Upon receiving the transaction information and the request signal, the personal secret key Pk1
B, the customer ID {Pk1B (terminal ID + transaction information + 1) for the terminal ID, transaction information, and own card ID
9B card ID) @. Electronic money card 1
9B transmits the created supplier authenticator, card ID and personal public key Pk2B to the electronic money terminal 15 (P4
2).

The electronic money terminal 15 receives the transaction authenticator {Pk1A (terminal ID + transaction information + card ID of 19A)} received from the electronic money card 19A, the card ID, the personal public key Pk2A, and the transaction received from the electronic money card 19B. The pre-authenticator {Pk1B (terminal ID + transaction information + card ID of 19B)}, the card ID, the personal public key Pk2B, and an instruction to move the amount (transfer amount) input from the electronic money card 19A to the electronic money card 19B. A transfer request message is transmitted to the electronic money server 13 (P4
3). The transfer request message includes the terminal ID.

The electronic money server 13 stores the received card I of the electronic money card 19A and the received electronic money card 19B.
D and terminal ID are accident card ID list and accident terminal I
It is determined whether or not it is registered in the D list.

If the received card ID and terminal ID are not registered in the accident card ID list and the accident terminal ID list, the electronic money server 13 checks the balance of the electronic money card 19A in the balance table shown in FIG. Check. If the balance is insufficient, a message indicating that the balance is insufficient is transmitted to the electronic money terminal 15. The electronic money terminal 15 displays a message indicating that the designated amount cannot be transferred due to insufficient balance.

If the balance is equal to or greater than the designated transfer amount, the electronic money server 13 uses the personal public key Pk2A of the electronic money card 19A to make the transaction authenticator {Pk1A (terminal ID +
Is converted into a terminal ID, transaction information, and a card ID of the electronic money card 19A. Further, using the personal public key Pk2B of the electronic money card 19B, the supplier authenticator @ Pk1B (terminal ID + transaction information + 1)
9B card ID) is converted into a terminal ID, transaction information, and a card ID of the electronic money card 19B. Next, it is determined whether or not the converted contents are correct. That is, the transaction information and the terminal ID decrypted from the transaction authenticator match with the terminal ID, the card ID converted from the transaction authenticator matches the card ID of the electronic money card 19A of the transfer source, and the transaction It is checked that the card ID converted from the former authenticator matches the card ID of the transfer destination electronic money card 19B. If it is determined that all match, the electronic money card 19A and the electronic money card 19 in the balance table are displayed.
The balance of B is updated.

Next, the electronic money server 13 checks the card IDs of the electronic money cards 19A and 19B.
And the personal public key is transmitted to the certificate authority 11 together with the authentication grant request (P44).

In response to the authentication grant request, the certificate authority 11 registers the received card IDs of the electronic money cards 19A and 19B and the personal public keys Pk2A and Pk2B in the card ID and personal public key list stored therein. Check if it is. If it is determined that these are registered, the authentication information {Ck1 (19A card ID + Pk2A)} and {Ck1 (1) are used for them using the center secret key Ck1.
9B card ID + Pk2B)}, and transmits it to the electronic money server 13 together with the authentication completion message (P4).
5).

In response to the authentication completion message, the electronic money server 13 generates and stores a transaction history of the electronic money card 19A as the transfer source and a transaction history of the electronic money card 19B as the transfer destination. Further, the authentication information from the certificate authority 11 is added to the transaction history and transmitted to the electronic money terminal 15 together with the transfer completion message (P46).

When receiving the transaction history and the authentication information, the electronic money terminal 15 converts the authentication information into a card ID and a personal public key Pk2 using the center public key Ck2 and checks it. When it is confirmed that the authentication information is correct, the received transaction history is transmitted to the electronic money card 19A and the electronic money card 19B in response to the transfer completion message (P47). IC of electronic money cards 19A and 19B
The unit 20 updates the balances stored therein based on the received transaction history. That is, the electronic money card 1
The IC unit 20 of the 9A reduces the stored balance by a predetermined amount based on the received transaction history.
The 9B IC unit 20 increases the stored balance by a predetermined amount based on the received transaction history.

Further, the electronic money cards 19A, 19B
Respectively transmit the value of the final transaction pointer to the electronic money terminal 15. The electronic money terminal 15
The received transaction history is added to the address next to the address indicated by the value of the last transaction pointer in the optical storage unit 21 of the electronic money cards 19A and 19B. Further, the final transaction pointer and the transmitted pointer are updated to indicate the added transaction history. Thereafter, the electronic money terminal 15C displays on the display unit 32 that the transfer of the electronic money has been completed, and discharges the electronic money cards 19A and 19B.

This electronic money transfer processing is performed by the user A from the electronic money card 19A (card ID “C99”) to the electronic money card 19B (card ID “C05”), by the electronic money terminal 15C (terminal ID “T150”). An example in which 30,000 yen of electronic money is transferred via the Internet will be described with reference to FIG.

First, the user A selects “3) Transfer of electronic money” from the processing menu according to the screen display shown in FIG. 8, inserts the electronic money card 19A into the transfer source card insertion slot 35A, and sets the electronic money. The card 19B is inserted into the transfer destination card insertion slot 35B, and the transfer amount is input.

In response to this input, the electronic money terminal 15
C is the electronic money card 19A and the electronic money card 19
B, a transaction ID including a transaction category, a use date and a transaction amount, a terminal ID “T150”, and a card ID
And a request signal indicating a request for a personal public key, respectively (L41).

In response to the request signal, the electronic money card 19A adds the terminal ID “T150” and its own card ID “C99” to the transaction information, and uses the personal secret key Pk1A to make the transaction authenticator {Pk1A (T150 + transaction information). + C99)}, and sends the transaction authenticator to the electronic money terminal 15C together with the card ID “C99” and the personal public key Pk2A (L
42).

In response to the request signal, the electronic money card 19B adds its own card ID “C05” to the terminal ID “T150” and the transaction information, and uses the personal secret key Pk1B to authenticate the supplier authenticator {Pk1B ( T150 + Transaction information + C0
5) Create｝ and set the supplier authenticator to card ID “0”.
5 "and the personal public key Pk2B are transmitted to the electronic money terminal 15C (L42).

The electronic money terminal 15C receives the card ID “C99” received from the electronic money card 19A, the personal public key Pk2A, and the transaction authenticator $ Pk1A (T150 + transaction information +
C99), the card ID “C05” received from the electronic money card 19B, the personal public key Pk2B, and the business partner authenticator {Pk1B (T150 + transaction information + C05)}, and 30,000 from the electronic money card 19A to the electronic money card 19B. A transfer request message instructing to move the electronic money in yen is transmitted to the electronic money server 13 (L43). The transfer request message includes the terminal ID “T150”.

The electronic money server 13 stores the received card I of the electronic money card 19A and the received electronic money card 19B.
It is checked whether D "C99", "C05" and terminal ID "T150" are registered in the list of accident card ID and accident terminal ID. Card ID "C99", "
If it is determined that C05 ”and the terminal ID“ T150 ”are not registered as an accident card or an accident terminal, the electronic money server 13 transmits the electronic money card 19 of the transfer source.
The balance of A is checked with reference to the balance table.

If the balance is less than 30,000 yen, electronic money server 13 transmits a message to the effect that the balance is insufficient to electronic money terminal 15. If the balance is 30,000 yen or more, the electronic money server 13 uses the personal public key Pk2A to send the transaction authenticator {Pk1A (T150 + transaction information + C99)} to the terminal ID.
And the transaction information and the card ID of the electronic money card 19A. In addition, the customer ID {Pk1B (T150 + transaction information + C05)} is transmitted to the terminal ID using the personal public key Pk2B.
And transaction information and a card ID.

Subsequently, it is determined whether or not these contents are correct. That is, the terminal ID converted from the transaction authenticator and the transaction authenticator match the transaction information, and the card ID converted from the transaction authenticator is used as the card ID “C99” of the transfer source electronic money card 19A. A check is made to see if the card ID converted from the supplier authenticator matches the card ID “C05” of the transfer destination electronic money card 19B. As a result of the check, if it is determined that the transaction authenticator and the supplier authenticator are correct, the electronic money server 13
Subtracts 30,000 yen from the balance of the card ID “C99” in the balance table and adds 3 to the balance of the card ID “C05”.
Add 10,000 yen. Next, the electronic money server 13 transmits the card I of the electronic money card 19A and the electronic money card 19B.
D “C99”, “C05” and personal public keys Pk2A, Pk2
B together with the authentication grant request to the certificate authority 11 (L4
4).

The certificate authority 11 responds to the authentication grant request and refers to the card ID and the public key stored therein to thereby obtain the card IDs “C99” and “C05” of the received electronic money cards 19A and 19B. And whether the personal public keys Pk2A and Pk2B are registered in this system. When the certificate authority 11 confirms that they have been registered, the card ID “C99”, “
The authentication information {Ck1 (C99 + Pk2A)} of the electronic money card 19A and the electronic money card 19B using the center secret key Ck1 for C05 ″ and the personal public keys Pk2A and Pk2B.
The authentication information {Ck1 (C05 + Pk2B)} is generated and transmitted to the electronic money server 13 together with the authentication completion message (L45).

The electronic money server 13 stores the authentication information {Ck1} of the electronic money card 19A and the electronic money card 19B.
When (C99 + Pk2A)} and {Ck1 (C05 + Pk2B)} are received, the transaction history of the transfer source electronic money card 19A and the transaction history of the transfer destination electronic money card 19B are generated and stored in the transaction history table. Further, the authentication information from the certificate authority 11 is added to the transaction history and transmitted to the electronic money terminal 15C together with the transfer completion message (L4).
6).

When receiving the transaction history and the authentication information, the electronic money terminal 15 converts the authentication information into a card ID and a personal public key Pk2 using the center public key Ck2 and checks it. When the authentication information is confirmed to be correct, the received transaction history is stored in the electronic money cards 19A and 19B.
Each is transmitted to the C section 20 (L47). The IC units 20 of the electronic money cards 19A and 19B update the balance stored in the storage circuit based on the received transaction history. That is, the electronic money card 19A reduces the balance by 30,000 yen, and the electronic money card 19B increases the balance by 30,000 yen. Further, the electronic money terminal 15C has an electronic money card 19A.
The value of the last transaction pointer is read from the IC unit 20 of the electronic money card 19A and the optical storage unit 21 of the electronic money card 19B.
The transaction history is added to the address next to the address indicated by the value of the last transaction pointer.

Further, the terminal 15C updates the last transaction pointer and the transmitted pointer stored in the IC section 20 of the electronic money cards 19A and 19B so as to indicate the added transaction history. After that, the electronic money terminal 15C
Displays on the display unit 32 that the transfer of the electronic money has been completed, and ejects the electronic money cards 19A and 19B.

The balance of the electronic money card 19A of the transfer source may be checked by the electronic money terminal 15 when "3) Transfer of electronic money" is selected from the menu and the transfer amount is input. Good. In this case, the electronic money terminal 15 makes a balance request to the electronic money card 19A.

In the above description, the transfer processing of the electronic money is executed by the online processing. However, when the transfer amount is equal to or less than a certain amount, the electronic money transfer processing is performed in the electronic money terminal 15 similarly to the electronic money payment processing. Is also good. Thereby, the response speed can be improved. In the case of off-line processing, a limit on the amount of one transfer may be set in order to enhance security.

(6) Electronic Money Conversion Processing Next, the outline of the electronic money conversion processing for converting the electronic money stored in the electronic money card 19 and transferring the electronic money to the settlement account of the user will be described with reference to FIG. . First, as shown in FIG. 8, the user selects “2) redeeming electronic money” from the processing menu displayed on the display unit 32, inserts the electronic money card 19 into the electronic money terminal 15, and sets the cash amount. Enter

In response to the selection, the electronic money terminal 15 responds to the selection by selecting transaction information including the transaction category, date of use, and transaction amount, a terminal ID, a card ID and a request signal indicating a request for a personal public key. Is transmitted to the electronic money card 19 (P51).

The electronic money card 19 responds to the request signal, adds its own card ID to the terminal ID and the transaction information, and uses the personal secret key Pk1 to make a transaction authenticator {Pk1 (terminal ID + transaction information + card ID)}. Is created, and the created transaction authenticator is transmitted to the electronic money terminal 15 together with the card ID and the personal public key (P52).

The electronic money terminal 15 receives the card I
D, the transaction information and the terminal ID are added, and the customer authenticator @ Tk1 (terminal ID + transaction information + card I) using the terminal secret key Tk1.
D) Create｝. The electronic money terminal 15 uses the created supplier authenticator @ Tk1 (terminal ID + transaction information + card I
D) $, the entered cash amount and the electronic money card 1
9 instructs transfer to the corresponding settlement account, a cashing request including the terminal public key Tk2, and the electronic money card 19
And the personal public key Pk2 to the electronic money server 13 (P53). The charge request message includes the terminal ID of the electronic money terminal 15 of the transmission source.

The electronic money server 13 checks whether or not the received card ID and terminal ID of the electronic money card 19 are registered in the accident card ID list and the accident terminal ID list stored therein. When it is determined that the received card ID and terminal ID are not registered in the accident card ID list and the accident terminal ID list, the electronic money server 13 uses the received personal public key Pk2 to make the transaction authenticator {Pk1 ( Terminal ID + transaction information + card I
D)｝ is converted into a terminal ID, transaction information, and a card ID. Further, using the received terminal public key Tk2, the business partner authenticator {Tk1 (terminal ID + transaction information + card ID)} is transmitted to the terminal I.
D, the transaction information, and the card ID are converted, and it is determined whether or not they match. If these match, the electronic money server 13 determines that the transaction authenticator {Pk1 (terminal ID + transaction information + card ID)} and the supplier authenticator {Tk1 (terminal ID +
Transaction information + card ID)｝ is determined to be correct, and card I
D and the personal public key Pk2 together with the certificate grant request
(P54).

The certificate authority 11 responds to the authentication grant request and refers to the card ID and the personal public key list stored therein, so that the received card ID and the personal public key Pk2 are registered in the system. Check if it is. If they are registered, the certificate authority 11 generates the authentication information {Ck1 (card ID + Pk2)} for the received card ID and personal public key Pk2 using the center secret key Ck1, and sends it to the electronic money server 13. It is transmitted (P55).
If the received card ID and personal public key Pk2 are not registered in the system, the certificate authority 11 notifies the electronic money server 13 of fraud detection.

When the electronic money server 13 receives the authentication information {Ck1 (card ID + Pk2)} from the certificate authority 11,
The balance of the electronic money card 19A is checked with reference to the balance table, and if transfer is possible, a transfer request message including the card ID and the transfer amount is created and transmitted to the bank center 17 (P56).

If at least one of the received card ID and terminal ID matches one of the list of unusable card IDs and terminal IDs, or if the transaction ID and the terminal ID converted from the supplier Information and Card I
D does not match each other, the electronic money server 13
Transmits a message to the effect that charging is not possible to the electronic money terminal 15 and notifies the administrator of the fraud detection by displaying a message or the like. When the balance of the electronic money card 19 is insufficient, the electronic money server 13
A message indicating that the balance is insufficient is transmitted to the electronic money terminal 15.

Upon receipt of the transfer request message, the bank center 17 refers to the account table shown in FIG. 5 and transfers the designated amount from another account to the settlement account corresponding to the card ID (P57). After the transfer is completed, Bank Center 17
Transmits the transfer completion message to the electronic money server 13 (P58).

When receiving the transfer completion message, the electronic money server 13 updates the balance in the balance table of the electronic money card 19, generates a transaction history, and stores it in the transaction history table. Next, the electronic money server 13 adds the authentication information {Ck1 (card ID + Pk2)} from the certificate authority 11 to the transaction history, and transmits it to the electronic money terminal 15 together with a redemption completion message indicating that the redemption has been completed (P59). .

When the electronic money terminal 15 receives the transaction history, the authentication information {Ck1 (card ID + Pk2)}, and the transfer completion message, the electronic money terminal 15 uses the center public key Ck2 to authenticate the authentication information {Ck1.
(Card ID + Pk2)｝ is replaced with the card ID and personal public key Pk2
Convert to and check. When the authentication information is confirmed to be correct, the transaction history is transmitted to the electronic money card 19 (P60).

IC card section 20 of electronic money card 19
Updates the balance based on the received transaction history and transmits the value of the final transaction pointer to the electronic money terminal 15. The electronic money terminal 15 adds the received transaction history to the address next to the address indicated by the final transaction pointer in the optical storage unit 21. Subsequently, the last transaction pointer and the transmitted pointer stored in the IC card unit 20 are updated. After that, the electronic money terminal 15 displays on the display unit 32 that the electronic money has been redeemed, and discharges the electronic money card 19.

This electronic money redemption process is performed when the user A transfers 50,000 yen of the electronic money stored in the electronic money card 19A (card ID “C99”) to the electronic money terminal 1.
5B (terminal ID “T150”) and the bank center 1
The case of transferring to the own settlement account of No. 7 will be described with reference to FIG. The user A selects “2) redeem electronic money” from the processing menu displayed on the display unit 32,
The electronic money card 19A is attached to the electronic money terminal 15B, and the cash amount “50,000 yen” is input to the input unit 31.

In response to this operation, the electronic money terminal 15
B indicates, on the electronic money card 19A, the transaction information including the transaction category, the date of use, and the transaction amount, and the terminal ID ".
T150 "and a request signal for requesting transmission of the card ID and the personal public key (L51). The electronic money card 19A responds to the request signal and receives the received terminal ID" T.
150 ”and its own card ID“ C99 ”to the transaction information, and the transaction authenticator {Pk1A” using the personal secret key Pk1A.
(T150 + transaction information + C99) is created. The electronic money card 19A generates the transaction authenticator $ Pk1A (T
150 + transaction information + C99) and card ID “C99”
And the personal public key Pk2A to the electronic money terminal 15B (L52).

[0177] The electronic money terminal 15B adds the transaction information and the terminal ID "T150" to the received card ID "C99" and uses the terminal secret key Tk1 to authenticate the customer authenticator @ Tk1B (T
150 "+ transaction information + C99)}. The electronic money terminal 15B creates the supplier authenticator {Tk1B (T1
50 ”+ transaction information + C99)} and the entered cash amount from the electronic money card 19A to the electronic money card 1
9A, instructing the transfer to the settlement account corresponding to 9A, a cashing request including the terminal public key Tk2B, and the electronic money card 1
9A card ID "C99", personal public key Pk2A,
Transaction authenticator @ Pk1A (T150) + transaction information + C9
9) is transmitted to the electronic money server 13 (L5)
3).

The electronic money server 13 stores the card ID “C99” of the electronic money card 19A and the terminal ID “T15”.
"0" is registered in the accident card ID list and the accident terminal ID list.
When it is determined that D “C99” and the terminal ID “T150” are not registered in the accident card ID list and the accident terminal ID list, the electronic money server 13 uses the received personal public key Pk2A to make the transaction authenticator. ｛Pk1A (T15
0 ”+ transaction information + C99) is converted into transaction information, a card ID and a terminal ID.
The customer authentication code {Tk1B (T150) + transaction information + C99)} is converted into transaction information, a card ID, and a terminal ID using B, and it is determined whether or not they match each other. The money server 13 has the card ID “C9
9 ”and the personal public key Pk2A together with the certificate grant request
1 (L54).

The certificate authority 11 refers to the card ID and the personal public key stored therein, and receives the received card ID “C”.
99 "and the personal public key Pk2A are registered in the system, and if it is confirmed that the personal public key Pk2A has been registered, the authentication information {Ck1 (C99 + Pk2
A) A is generated and transmitted to the electronic money server 13 together with the authentication completion message (L55). The electronic money server 13
From the certificate authority 11, the authentication completion message and the authentication information @ Ck1 (C99
+ Pk2A)}, the balance table card I
It is determined whether or not the balance of D “C99” is equal to or more than the cash amount of 50,000 yen. If the balance is 50,000 yen or more, the electronic money server 1
3 transmits a transfer request message including the card ID “C99” and the transfer amount “50,000 yen” to the bank center 17 (L5
6).

The bank center 17 stores the electronic money server 13
When the transfer request message is received from, the account table is referred to, and 50,000 yen is transferred from another account to the settlement account of user A corresponding to card ID “C99”. When the transfer process is completed, the bank center 17 transmits a transfer completion message to the electronic money server 13 (L57). Electronic money server 13
Receives the transfer completion message, subtracts 50,000 yen from the balance of card ID “C99” in the balance table, generates a transaction history, and stores it in the transaction history table. Next, the electronic money server 13 sends the authentication information {Ck1 (C
99 + Pk2A) @ is added to the transaction history, and transmitted to the electronic money terminal 15B together with the cashing completion message (L58).

The electronic money terminal 15B responds to the cashing completion message and uses the center public key Ck2 to authenticate the authentication information {Ck1.
(C99 + Pk2A) @ is replaced with the card C99 and the personal public key Pk2
Convert to and check. If the authentication information is confirmed to be correct, the transaction history is stored in the electronic money card 19A.
(L59). Electronic money card 19A IC
The unit 20 subtracts 50,000 yen from the balance stored by itself based on the received transaction history. Further, the electronic money terminal 15B adds the received transaction history to the position indicated by the final transaction pointer in the optical storage unit 21, and updates the values of the final transaction pointer and the transmitted pointer. Thereafter, the electronic money terminal 15B displays on the display unit 32 that the electronic money has been redeemed, and discharges the electronic money card 19A.

In this way, the user can convert the electronic money stored in his / her own electronic money card 19 and transfer it to his / her settlement account.

As described above, with this electronic money system, electronic money can be charged to an electronic money card, redeemed, transferred, and used for payment.
In addition, since the transaction history is recorded in the optical storage unit 21, by verifying (tracking) the recorded contents of the write-once type storage unit, it is possible to easily detect an improper act or the like. Furthermore, by recording the transaction history at the center,
Fraud can be more reliably detected.

Note that the present invention is not limited to the above embodiment, and various modifications and applications are possible. For example, the components of the transaction history are arbitrary, and each transaction has a unique transaction I
D, the balance of the electronic money at that time, the transaction time, minute, second, etc. may be included in the transaction history. Further, authentication information and the like may be deleted from the transaction history.

The information for specifying the card may be omitted from the transaction history recorded in the optical storage unit 21. For example, when the electronic money card 19A is charged with electronic money,
In the optical storage unit 21 of the electronic money card 19A, for example,
It records that the transaction is a charge, the date and time of the transaction, the transaction amount, the terminal ID, etc., and does not need to record the information for identifying itself.

Similarly, for example, the electronic money card 19A
When the electronic money is transferred from the electronic money card 19B to the electronic money card 19B, the optical storage unit 21 of the electronic money card 19A indicates that the transaction category is the transfer of the electronic money, the card ID of the transfer destination electronic money card 19B, and the transfer amount. And so on,
The information for specifying the transfer source (electronic money card 19A) is not recorded, and the optical storage unit 21 of the electronic money card 19B stores
The transfer of the electronic money, the card ID of the transfer source electronic money card 19A, the transfer amount, and the like may be recorded, and the information for specifying the transfer destination (the electronic money card 19B) may not be recorded. Thus, the amount of data recorded in the optical storage unit 21 can be reduced.

In the above embodiment, a list of settlement accounts of the user of the electronic money card is registered in the bank center 17,
Although the card ID is converted to the account number of the settlement account, the account number of the settlement account is registered in the IC unit 20 or the optical storage unit 21 of the electronic money card 19, and the charge of the electronic money,
When performing processing such as cash conversion, the account number may be notified to the bank center 17 from the electronic money card 19.

In the above embodiment, the signature key Sk and the inspection key Ek are used to generate and confirm the personal authentication information.
The center secret key Ck1 and the center public key Ck2 may be used.

When this electronic money system is constructed on a network of a wide area network (for example, the Internet), it is desirable to provide a certificate authority 11 and an electronic money server 13 respectively. However, in a closed loop type local network, , The certificate authority 11 and the electronic money server 13 may be realized as one server.

This electronic money system is shown in FIG.
As shown in (1), the configuration may be such that the certificate authority 11 is omitted.
An outline of each process in this case is shown in FIGS. The process in this case is, as apparent from FIGS. 22 to 26 and the previous drawings, the center secret key and the center public key,
The operation is the same as that of the embodiment except that the processes related to the personal secret key, the personal public key, and the authentication are eliminated. According to this configuration, the processing speed is improved in the entire system.

To enhance the security of the system, for example, the legitimacy of the operator of the electronic money terminal 15 may be determined based on the physical characteristics of the operator. For example,
The fingerprint data of the holder is stored in the storage circuit of the IC unit 20 of the electronic money card 19, the fingerprint of the operator of the electronic money terminal 15 is scanned, and the electronic money transaction processing is performed only when the fingerprints match. May be executed.

In this case, the electronic money terminal 15
The fingerprint reader 41 as shown in FIG. 7 is connected. The fingerprint reading device 41 has a reading window 41A for scanning a fingerprint.
And a guide 41B for guiding the finger. Also, I
As shown in FIG. 28, the phase information extracted after the Fourier transform of the fingerprint image of the holder is registered in the storage circuit of the C unit 20 in advance.

As shown in FIG. 28, the fingerprint reader 41 scans an image (fingerprint image) in the reading window 41A to acquire image data, and an image acquired by the image acquiring unit 51. Fourier transform unit 52 for performing a Fourier transform on the data (a waveform thereof), a phase information extracting unit 53 for extracting only the phase information of the Fourier series acquired by the Fourier transform unit 52, and phase information and phase information read from the IC unit 20 A phase synthesizing unit 54 for synthesizing the phase information generated by the extracting unit 53, a Fourier transform unit 55 for performing a Fourier transform on the phase information synthesized by the synthesizing unit 54 to obtain a correlation strength, and a Fourier transform unit 55 Compare the correlation strength with the threshold,
The determination unit 56 determines whether the operator is a valid person.

In such a configuration, for example, when a process is selected from the process menu and the electronic money card 19 is inserted, the electronic money terminal 15 puts a finger on the fingerprint reading device 41 as shown in FIG. Display a message to the effect. The operator operates the fingerprint reader 41 according to the message.
When a finger is placed on the top, the image acquisition unit 51 of the fingerprint reading device 41
Scans the fingerprint in the reading window 41A and captures the image. The Fourier transform unit 52 performs a Fourier transform on the read image, and the phase information extracting unit 53 captures the phase information.

Subsequently, the phase synthesizing unit 54 reads out the phase information registered in the IC unit 20 and
3, and the Fourier transform unit 55 Fourier-transforms the combined data to obtain a correlation strength.

When the correlation strength is equal to or more than a certain value, the judgment unit 56 determines that the fingerprint registered in the IC unit 20 is similar to the read fingerprint, and the operator is a valid holder of the electronic money card 19. Is determined, and control is performed so as to enable subsequent processing corresponding to the selected processing. If the correlation strength is less than a certain value, it is determined that the fingerprint registered in advance in the IC unit 20 and the read fingerprint are not similar, and the display unit 32 displays that the fingerprint collation does not match, so that subsequent operations cannot be performed. Then, the electronic money card 19 is ejected.

According to such a configuration, it is possible to determine whether or not the operator is a legitimate person based on the physical characteristics of the operator and determine whether or not to permit electronic money transactions. . Therefore, unauthorized use of electronic money can be effectively prevented.

The method and circuit for determining the similarity of fingerprints are not limited to the circuit and method shown in FIG. 28, and other methods may be used. Further, the physical characteristics are not limited to fingerprints, and voice prints, facial patterns, retinal patterns, and the like may be used. When a voiceprint is used, the voiceprint feature data is stored in the IC unit 20, a microphone is arranged in the electronic money terminal 15, voice feature data obtained by the microphone is extracted, and stored in the IC unit 20. The correlation strength with the characteristic data is determined, and when the correlation strength is equal to or more than a certain value, the operator is determined to be a valid person.

When a face pattern, a retinal pattern, or the like is used, feature data of the face and the retinal pattern are stored in an IC.
The electronic money terminal 15 stores a camera, extracts image feature data acquired by the camera,
The correlation strength with the feature data stored in the C unit 20 is determined, and when the correlation strength is equal to or more than a certain value, the operator is determined to be a valid person.

[0200] The feature data extracted in advance is an IC.
It may be stored in the unit 20 or may be stored in the optical storage unit 21. Further, feature data indicating a physical feature used at the time of the transaction may be recorded in the optical storage unit 21 as a part of the transaction history information.

In a system handling electronic money, for example,
Obtain information such as the card ID of the user, and
Fraudulent attempts to gain authentication by impersonating the owner of D can be considered. In order to prevent such misconduct, the security of the communication message or the like can be enhanced by encrypting it using an encryption method such as the RSA method.

In this case, for example, the certificate authority 11 generates and stores a center secret key Ck1 and a center public key Ck2. The certificate authority 11 stores the center secret key Ck1 in the electronic money server 13.
By copying the center secret key Ck1 to the center 1
Share within 0. Further, the certificate authority 11 transmits the center public key Ck2 to each electronic money terminal 15 and the electronic money card 19.
And the like via the electronic money server 13 in advance.

Each electronic money card 19 and the electronic money terminal 15 use the center public key Ck2 to send each information (card ID and personal public key for the electronic money card 19, charge request for the electronic money terminal 15, various kinds of information, etc.). Telegram, etc.)
Is transmitted to the electronic money server 13. The electronic money server 13 decrypts and processes the information using the center secret key Ck1. The electronic money server 13 encrypts the transaction history using the personal public key sent from the electronic money card 19 and transmits the transaction history to the electronic money card 19 via the electronic money terminal 15.

By using such a method, the information from the electronic money card 19 and the electronic money terminal 15 is transmitted to the electronic money server 13 and the certificate authority 1 in the center 10.
1 can be decrypted, and the transaction history from the electronic money server 13 is transmitted to the electronic money card 19 without being referred to by the electronic money terminal 15 and decrypted. Further, security can be further improved by periodically changing the secret key and the public key.

The certification authority 11 changes the center secret key Ck1 and the public key Ck2 regularly or irregularly, and sends the center public key Ck2 to the electronic money terminal 15, the center secret key Ck1 to the electronic money server 13, and the like. Send each. When the electronic money card 19 is inserted into the electronic money terminal 15 after changing the center secret key Ck1 and the center public key Ck2, the electronic money terminal 15 notifies the electronic money card 19 of the new center public key Ck2.

The encryption method is not limited to the public key method, and a common key method may be used. In this case, it is desirable to enhance the tamper resistance of the electronic money card 19 from the viewpoint of security.

Each time a transaction is performed in this system, a new encryption key (a pair of a secret key and a public key, a common key, etc.) is issued and notified to the electronic money card. May be used for encryption / decryption.

Furthermore, the key may be generated based on a random number. According to such a system, a key to be issued next cannot be predicted, and leakage of information can be prevented. A key issued in the past and a newly issued key may be combined and used as a key for encryption and decryption. For example, the present key _Kt and the previous key _Kt-1 may be combined, and various information may be encrypted using { _Kt + _Kt-1 } as a key, and further decrypted.

In the electronic money system, it is conceivable to make a complete copy of the electronic money card 19 itself and use it illegally. In order to prevent this kind of illegal use, the electronic money server 13 assigns a unique number to the electronic money card 19 for each transaction, and when the online transaction starts, the electronic money card 19 sends this unique number to the electronic money server. 13 and confirms that it matches the unique number of the electronic money card 19 registered in the electronic money server, and then conducts a transaction. What is necessary is just to comprise so that it may register with the card 19 and the electronic money server 13. According to this configuration, the unique number is updated each time a transaction is made. Therefore, even if a copy of the electronic money card 19 is made, once the transaction is performed, the unique number of the electronic money server except for the one used is changed. 13 and cannot be used. Therefore, unauthorized use by copying the electronic money card 19 can be prevented.

[0210] In the above description, in the process of charging the electronic money to the card, cash equivalent to the charge amount is transferred from the user's account to the settlement account of the system, and the charge amount is paid. For example, payment by credit (credit provision) may be used. in this case,
For example, in response to receiving the charge request, the server stores information such as the charge amount indicated by the request and the account of the user as loan information for a certain period of time, and at a predetermined timing,
Debit from the user's account. In addition, an account dedicated to credit provision is prepared, and the server withdraws the charge amount indicated by the request from the account in response to receiving the charge request. You may do so. In this case, when there is a deposit, the deposit amount is transferred to the loan account of the user. When issuing electronic money by credit or lending, it is desirable to confirm that the amount of credit provided and / or the lending balance (remaining balance) is greater than the amount requested to be issued. In addition, the economic basis for issuing electronic money is arbitrary.

[0211] The electronic money terminal of the present invention can be realized by using an ordinary computer system without using a dedicated system. For example, an electronic money terminal that executes the above-described processing can be configured by installing the program from a medium (a floppy disk, a CD-ROM, or the like) storing the program for performing the above-described operation in a computer. .

[0212] The medium for supplying the program to the computer may be a communication medium (a medium that temporarily and fluidly stores the program, such as a communication line, a communication network, or a communication system). For example, the program may be posted on a bulletin board (BBS) of a communication network and distributed via the network. Then, by starting this program and executing it in the same manner as other application programs under the control of the OS, the above-described processing can be executed.

[0213]

As described above, according to the present invention,
The electronic money card can be charged with electronic money, and various transactions can be performed using the charged electronic money. Moreover, since the transaction history is recorded in the write-once type storage unit,
When an abnormality occurs, by checking the recorded contents of the write-once type storage unit, it is possible to easily detect fraudulent acts and the like. Further, by recording the transaction history even at the center, fraudulent acts can be detected more reliably. In addition, when electronic money is traded, its legitimacy is determined based on the physical characteristics of the operator, so that the reliability of the transaction can be improved.

[Brief description of the drawings]

FIG. 1 is a diagram showing a configuration of an electronic money system according to an embodiment of the present invention.

2A is a diagram showing a structure of a balance table stored in the electronic money server, FIG. 2B is a diagram showing a structure of an accident card list stored in the electronic money server,
(C) is a diagram showing a structure of an accident terminal list stored in the electronic money server.

FIG. 3 is a diagram showing a structure of a transaction history table stored in the electronic money server.

FIGS. 4A and 4B are diagrams illustrating an example of an external configuration of an electronic money terminal.

FIG. 5 is a diagram showing a structure of an account table stored in a bank center.

FIG. 6 is a diagram showing a structure of an electronic money card.

FIG. 7 is a diagram showing an outline of an electronic money charging process.

FIGS. 8A to 8C are diagrams showing display examples of the electronic money terminal.

FIG. 9 is a diagram illustrating a flow of an electronic money charging process.

FIG. 10 is a diagram showing an outline of a personal authentication information issuing process.

FIG. 11 is a diagram illustrating a flow of a personal authentication information issuance process.

FIG. 12 is a diagram showing an outline of electronic money payment processing.

FIG. 13 is a diagram for explaining the flow of electronic money payment processing.

FIG. 14 is a diagram showing an outline of a matching process.

FIG. 15 is a diagram illustrating a flow of a matching process.

FIG. 16 is a diagram illustrating states of an IC unit, an optical storage unit, and a balance table before and after transmission of a non-transmission history in a matching process.

FIG. 17 is a diagram showing an outline of electronic money transfer processing.

FIG. 18 is a diagram for explaining the flow of electronic money transfer processing.

FIG. 19 is a diagram showing an outline of an electronic money redemption process.

FIG. 20 is a diagram for explaining the flow of electronic money redemption processing.

FIG. 21 is a diagram illustrating an example of a configuration of an electronic money system when a certificate authority is not included.

FIG. 22 is a diagram showing a flow of electronic money charge processing when a certificate authority is not included.

FIG. 23 is a diagram showing a flow of electronic money payment processing when a certificate authority is not included.

FIG. 24 is a diagram showing a flow of a matching process when a certificate authority is not included.

FIG. 25 is a diagram showing a flow of electronic money transfer processing when a certificate authority is not included.

FIG. 26 is a diagram showing a flow of electronic money redemption processing when a certificate authority is not included.

FIG. 27 is a diagram illustrating an example of a fingerprint reading device.

FIG. 28 is a diagram illustrating a configuration example of a fingerprint matching circuit;

FIG. 29 is a diagram illustrating a display example of the electronic money terminal at the time of fingerprint collation.

[Explanation of symbols]

 Reference Signs List 10 Center 11 Certificate Authority 13 Electronic Money Server 15 Electronic Money Terminal 19 Electronic Money Card 20 IC Unit 21 Optical Storage Unit 30 Storage Unit 31 Input Unit 32 Display Unit 33 Card Processing Unit 34 Touch Panel 35, 35A, 35B Card Slot 36 Cash Drawer

────────────────────────────────────────────────── ─── Continued on the front page (51) Int.Cl. ⁶ Identification code FI G07F 19/00 G06F 15/30 310 7/08 360 G07D 9/00 476 G07F 7/08 A (72) Inventor Tetsu Sato Tokyo NTT Data Communication Co., Ltd., 3-3-3 Toyosu, Koto-ku

Claims (33)

[Claims] An electronic money card comprising a write-once storage unit and an IC memory unit for storing information relating to a monetary value.
An electronic money system including a plurality of terminals that process the electronic money card, and a computer connected to the plurality of terminals via a communication line, wherein the write-once storage unit stores transaction history information, The IC memory unit stores position information indicating a final position of the transaction history information stored in the write-once type storage unit, and the plurality of terminals store information related to a monetary value in the electronic money card. An input means for inputting an instruction and a transaction amount; an instruction message transmitting means for transmitting the instruction and the transaction amount input by the input means and account identification information for specifying an account to the computer as a charge request message; Comprising: means for receiving the charge request message; and an account identified by account identification information in the received charge request message. And a response message transmitting means for transmitting a response message indicating that the transfer of the amount by the price moving means has been completed, further comprising the plurality of terminals. Responds to the receipt of the response message,
An electronic money system, comprising: means for writing transaction history information corresponding to the response message to the write-once type storage unit according to the position information stored in the IC memory unit. 2. The write-once type storage section of the electronic money card is constituted by an optical storage section in which pits are physically formed by irradiating light energy to which data is written and which cannot be rewritten. The electronic money system according to claim 1, wherein: 3. The electronic money card, wherein at least one of the write-once storage unit and the IC memory unit stores the account identification information, and the instruction message transmission unit is stored in the electronic money card. 3. The electronic money system according to claim 1, further comprising: means for reading the account specifying information; and means for transmitting the read account specifying information. 4. The computer determines whether the balance of the account specified by the account specifying information is equal to or greater than the transaction amount specified by the charge request message. If the balance is less than the transaction amount, an error message is displayed. The electronic money system according to any one of claims 1 to 3, further comprising: a unit for transmitting the transaction to the terminal and stopping the transaction. 5. The transaction history information includes, for each transaction, a transaction type, a transaction date, information for identifying the terminal that has processed the transaction, and a transaction amount. The electronic money system according to claim 1. 6. The write-once storage unit of the electronic money card stores transaction histories of all transactions made with the electronic money card. An electronic money system according to item 1. 7. The computer according to claim 1, wherein said computer includes transaction history storage means for storing transaction histories of all transactions of electronic money of said electronic money card. Electronic money system. 8. At least one of the write-once storage unit and the IC memory unit of the electronic money card stores a card identification code of the electronic money card, the charge request message includes the card identification code, A computer storing the card identification code of the electronic money card whose use is not permitted as an unauthorized card ID; and storing the card identification code included in the charge request message and the unauthorized card ID storage means. The electronic money system according to any one of claims 1 to 7, further comprising: means for comparing the registered fraudulent card ID and detecting a coincident fraudulent card ID to suspend the transaction. . 9. Each of the terminals stores a terminal identification code, the charge request message includes the terminal identification code, and the computer stores the terminal identification code of the terminal not permitted to use as an unauthorized terminal ID. Unauthorized terminal ID
Storage means, and means for comparing the terminal identification code included in the charge request message with the unauthorized terminal ID stored in the unauthorized terminal ID storage means, and stopping a transaction when a matching unauthorized terminal ID is detected. The electronic money system according to any one of claims 1 to 8, wherein: 10. The IC memory unit further includes a certificate authority that stores a pair of personal public keys and a personal secret key, and further includes a personal information storage unit that stores a plurality of the personal public keys of the electronic money card. The request message includes the personal public key of the electronic money card, and the computer includes a personal key transmitting unit that transmits the personal public key to the certificate authority in the received charge request message. Determining whether the received personal public key matches one of the plurality of personal public keys stored in the personal information storage means, and if not, sends a message to the terminal indicating that the transaction is not possible to the terminal. The electronic money system according to any one of claims 1 to 9, further comprising: means for stopping the transaction by performing the transaction. 11. The write-once type storage unit or the IC memory unit stores a card identification code, and further includes a certificate authority including personal information storage means for storing a plurality of the card identification codes of the electronic money card, The request message includes the card identification code, the computer includes means for transmitting the received card identification code to the certification authority, and the certification authority stores the received card identification code in the personal information storage means. It is determined whether or not it matches any of the plurality of card identification codes, and if they do not match,
The electronic money system according to any one of claims 1 to 9, further comprising: means for transmitting a message indicating that the transaction is not possible to the terminal to stop the transaction. 12. Each of the IC memory units includes a pair of a personal public key and a personal secret key, each of the terminals includes a pair of terminal public keys and a terminal secret key, and the charge request message includes information on a transaction. And a first authenticator generated by the electronic money card using the personal secret key; information on the transaction; a second authenticator generated by the terminal using the terminal secret key; A key and the terminal public key, wherein the computer determines whether or not the first and second authenticators match using the personal public key and the terminal public key. The electronic money system according to any one of claims 1 to 11, wherein a process for performing the charge is performed only in the case. 13. The electronic money card according to claim 1, wherein the transaction history stored in the write-once type storage unit of the electronic money card does not include information for identifying the electronic money card. Electronic money system. 14. One of the IC memory unit and the write-once type storage unit of the electronic money card stores characteristic data indicating a physical characteristic of a user. Acquisition means for acquiring characteristic data indicating a characteristic feature, reading means for reading characteristic data from the electronic money card, comparing the characteristic data acquired by the acquisition means with the characteristic data read by the reading means, A discriminating means for discriminating whether or not substantially coincides with each other; and when the discriminating means determines that the discrimination substantially matches, the electronic money transaction through the terminal is enabled, and the discriminating means does not substantially correspond And a transaction control means for prohibiting the transaction of electronic money through the terminal when it is determined that the electronic money transaction has been completed. Temu. 15. An electronic money system for trading electronic money, which is electronic information having a monetary value, comprising: information relating to the electronic money including at least a balance; and a card identification code for identifying itself. First storage means for storing the electronic money transaction history, and second storage means for storing the electronic money transaction history.
A plurality of electronic money cards comprising: a bank center having a settlement account corresponding to each of the electronic money cards; and a terminal identification code for identifying the electronic money card. An electronic device comprising: a charge request input unit for inputting a charge request for instructing the attached electronic money card to replenish the mounted electronic money card with a predetermined amount; and a charge request transmitting unit for transmitting the charge request. A money transaction device; balance storage means for storing balances of the plurality of electronic money cards; and, in accordance with the charge request from the electronic money transaction device, from the settlement account corresponding to the electronic money card to another predetermined account. Charge instructing means for instructing the bank center to move a predetermined amount; Means for adding the predetermined amount to the balance of the electronic money card, transaction history storage means for storing transaction history, and transaction completion notification transmitting means for transmitting a transaction completion notification indicating completion of the transaction to the electronic money transaction device. A computer comprising: a transaction writing unit that writes a transaction history to the second storage unit in response to the transaction completion notification from the transaction completion notification transmitting unit;
And a card balance updating means for adding the predetermined amount indicated by the charge request to the balance stored in the storage means. 16. The computer determines whether the balance of the settlement account corresponding to the electronic money card is equal to or greater than the predetermined amount indicated by the charge request, and if the balance is less than the predetermined amount. The electronic money system according to claim 15, further comprising: means for transmitting an error message to the electronic money transaction device; and means for canceling the transaction. 17. The electronic money card, wherein the first storage means is constituted by an IC chip having a memory, and the second storage means is constituted by a non-rewritable storage medium. The electronic money system according to claim 15 or 16, wherein 18. The transaction history according to claim 15, wherein the transaction history includes the card identification code of the electronic money card and the terminal identification code of the electronic money transaction device.
18. The electronic money system according to 16 or 17. 19. The electronic money card according to claim 15, wherein said transaction history recorded on said electronic money card does not include information for specifying said electronic money card itself.
Or the electronic money system according to 18. 20. The transaction history according to claim 15, wherein the transaction history includes a transaction date, the terminal identification code of the electronic money transaction device that transmitted the charge request, and a transaction amount. Or the electronic money system according to 17. 21. The electronic money card according to claim 15, wherein said second storage means stores transaction histories of all transactions made with said electronic money card. Electronic money system according to the item. 22. The computer according to claim 15, wherein said transaction history storage means of said computer stores transaction histories of all transactions made with said electronic money card. Electronic money system. 23. The charge request transmitted by the charge request transmitting means of the electronic money transaction device includes the card identification code of an electronic money card inserted in the electronic money transaction device, and the computer uses Fraudulent card ID storage means for storing the card identification code of the electronic money card as a fraudulent card ID, and the fraudulent card stored in the fraudulent card ID storage means containing the card identification code included in the charge request. 23. A device according to claim 15, further comprising means for comparing with a card ID to determine whether or not they match each other, whereby an unauthorized electronic money card can be detected. Money system. 24. The charge request transmitted by the charge request transmitting means of the electronic money transaction device includes the terminal identification code of the electronic money transaction device, and the computer does not permit use of the electronic money transaction device. Comparing the terminal identification code included in the charge request with the unauthorized terminal ID stored in the unauthorized terminal ID storage unit, and matching the terminal identification code included in the charge request with the unauthorized terminal ID. The electronic money system according to any one of claims 15 to 23, wherein a means for determining whether or not the electronic money transaction device is provided can detect an unauthorized electronic money transaction device. 25. The electronic money system further comprises a certificate authority storing a registration list of electronic money cards registered in the electronic money system, wherein the charge request includes specific data for specifying the electronic money card, The station determines whether the specific data included in the charge request is registered in a registration list,
The electronic money system according to any one of claims 15 to 24, further comprising: means for canceling a transaction when the electronic money has not been registered. 26. The electronic money card includes a pair of personal public keys and a personal secret key, the electronic money transaction device includes a pair of terminal public keys and a terminal secret key, and the charge request includes information on a transaction. And a first authenticator generated using the personal secret key, information on the transaction, a second authenticator generated using the terminal private key, the personal public key, and the terminal public key. The computer according to any one of claims 15 to 25, wherein the computer uses the personal secret key and the terminal secret key to determine whether the first and second authenticators match. 2. The electronic money system according to claim 1. 27. One of the first storage means and the second storage means of the electronic money card stores characteristic data indicating a physical characteristic of a user, and the electronic money transaction device operates Acquiring means for acquiring characteristic data indicating a physical characteristic of a person, reading means for reading characteristic data from the electronic money card, and characteristic data acquired by the acquiring means and characteristic data read by the reading means. Comparing means for determining whether or not they substantially match; and when the determining means determines that they substantially match, enabling the electronic money transaction through the electronic money transaction device, And a transaction control means for prohibiting the transaction of electronic money via the electronic money transaction device when it is determined that the two do not substantially coincide with each other. 26 an electronic money system according to any one of. 28. An electronic money system for trading electronic money using an electronic money card storing electronic money having a monetary value, wherein the electronic money card comprises a write-once storage unit and an IC memory unit, The IC memory unit stores information for specifying the electronic money card and information for accessing the write-once storage unit, and the electronic money system trades electronic money stored in the electronic money card. Electronic money, and history recording means for storing, in the write-once type storage unit of the electronic money card, a history of electronic money transactions performed using the electronic money card. system. 29. The electronic money system according to claim 28, wherein said electronic money system further comprises history storage means for storing a history of electronic money transactions made in said electronic money system. . 30. An electronic money system for trading electronic money using a medium on which electronic money information is recorded, wherein: reading means for reading characteristic data relating to the physical characteristics of the user recorded on the medium; Scanning means for scanning the whole or a part of a person's body, means for converting data scanned by the scanning means into a data format recorded on a medium, data after conversion and recorded on the medium An electronic money system comprising: means for comparing data; means for determining the degree of coincidence by comparing the data; and means for validating electronic money transactions when the result of the determination is equal to or greater than a certain value. . 31. A computer having a write-once type storage unit and an IC memory unit, and a plurality of terminals for processing an electronic money card for storing information relating to a monetary value, and connected to the plurality of terminals by communication. A computer-readable recording medium that records a program for causing the computer to function as the terminal in a system including: a command for causing the computer to store information relating to a monetary value in the electronic money card; Input means for inputting the amount, instructions and transaction amount input by the input means, and account specifying information for specifying an account,
Means for transmitting to the center as a charge request message, receiving a charge permission message returned from the center in response to the charge request message, and writing data from the IC memory unit of the electronic money card. A computer-readable recording device for reading a position information indicating a position, and writing a transaction history information including information on the monetary value in the write-once type storage unit of the electronic money card according to the position information; Possible recording medium. 32. An electronic money card for storing electronic money information, a card identification code, and a transaction history of electronic money in an electronic money system for trading electronic money, which is electronic information having a monetary value. A computer-readable recording medium functioning as an electronic money transaction device for processing, the computer comprising: a charge request input unit for inputting a charge request for requesting replenishment of the electronic money card with electronic money equivalent to a predetermined amount; Charge request transmitting means for transmitting a charge request to the center, in response to a notification from the center returned in response to the charge request,
Record the transaction history on the electronic money card,
A computer-readable recording medium on which a program for functioning as card updating means for adding the predetermined amount to the balance stored in the electronic money card is recorded. 33. Scanning means for scanning the whole or a part of a card user's body, conversion means for converting data scanned by said scanning means into a predetermined format, and a medium on which electronic money information is recorded. Reading means for reading the recorded characteristic data relating to the physical characteristics of the user, means for comparing the data read by the reading means with the data converted by the conversion means, and determining the degree of coincidence in the comparison of the data A computer-readable recording medium storing a program for functioning as means for performing electronic money transactions when the determination result is equal to or greater than a predetermined value.